Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?

From: Jon Kibler <Jon.Kibler () aset com>
Date: Fri, 10 Oct 2008 13:57:39 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chip Panarchy wrote:

Hello

I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.



Chip,

No need to 'crack' ftp passwords... they are sent in the clear!
Basically, all you need to do is to sniff the network. Wireshark will
even format the capture to clearly show the ftp password. (If you demo
this, after sniffing an ftp password, make a connection using sftp while
sniffing the network... no password can be seen.)

If you are on a switched network, you can either wire a hub between the
switch and the router and sniff from there, or use ethercap or a similar
package to ARP spoof the default gateway, routing traffic first to you
and then to the real default gateway port.

I hope this helps!

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjvl5MACgkQUVxQRc85QlMmwwCgjm3FT5x+lr7ySBrliuY3bpsh
jhsAoJhIjjptFxHka4V8kRNWbGIxC3GB
=ojZg
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
Previous By Date Next
Previous By Thread Next

Current thread: