Security Basics mailing list archives
Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?
From: "Tiago 'gouki' Faria" <gouki () goukihq org>
Date: Fri, 10 Oct 2008 18:19:18 +0100
The only methods I know on cracking an FTP site, still apply to SFTP. SFTP has several improvements, namely point-to-point encryption, but when it comes to login, they can both be exploited the same way. Brute force or dictionary attack. If you want to show something to your friend, run Wireshark and capture the password he used to login to his site. Make him use SFTP and show him the difference. You'll be showing the biggest problem with FTP - plain text. Tiago - .--. |o_o | Tiago 'gouki' Faria [ gouki () goukihq org ] |:_/ | // \ \ Jabber: gouki () goukihq org (| | ) WWW: http://goukihq.org /'\_ _/`\ \___)=(___/ On Sat, 2008-10-11 at 01:22 +1100, Chip Panarchy wrote:
Hello I was wondering if I could have some help in 'hacking'/'cracking' an FTP site. I know that FTP is a very old protocol... so I'm certain that there are many holes in it. Especially in one that hasn't been maintained for a few years. How do I crack the password on the FTP site so that I can use that to convince the owner of the site (a friend of mine) to switch to SFTP? I really want to know, because no matter how hard I argue with him, there still is no comparison to cold hard evidence. I've been trying to convince him for the last month, but he won't budge. Finally I got him to give me permission to attempt to hack his FTP site. So please tell me what method I can use to hack the FTP site. Thanks in advance, Chip Panarchy
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Chip Panarchy (Oct 10)
- RE: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Kenepp, Donald (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jon Kibler (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? p0liX (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Adriel Desautels (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Gustavo Castro (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Tiago 'gouki' Faria (Oct 10)
- Message not available
- Message not available
- Message not available
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Adriel Desautels (Oct 14)