Security Basics mailing list archives

Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?


From: "Tiago 'gouki' Faria" <gouki () goukihq org>
Date: Fri, 10 Oct 2008 18:19:18 +0100

The only methods I know for cracking an FTP site still apply to SFTP.
SFTP has several improvements, namely point-to-point encryption, but
when it comes to login, they can both be exploited the same way. Brute
force or dictionary attack.

If you want to show something to your friend, run Wireshark and capture
the password he used to log in to his site. Make him use SFTP and show
him the difference. You'll be showing the biggest problem with FTP -
plain text.

Tiago

-  
    .--.
   |o_o |       Tiago 'gouki' Faria [ gouki () goukihq org ]
   |:_/ |   
  //   \ \      Jabber: gouki () goukihq org
 (|     | )     WWW: http://goukihq.org
/'\_   _/`\
\___)=(___/


On Sat, 2008-10-11 at 01:22 +1100, Chip Panarchy wrote:
Hello

I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.

I know that FTP is a very old protocol... so I'm certain that there
are many holes in it. Especially in one that hasn't been maintained
for a few years.

How do I crack the password on the FTP site so that I can use that to
convince the owner of the site (a friend of mine) to switch to SFTP?

I really want to know, because no matter how hard I argue with him,
there still is no comparison to cold hard evidence. I've been trying
to convince him for the last month, but he won't budge. Finally I got
him to give me permission to attempt to hack his FTP site.

So please tell me what method I can use to hack the FTP site.

Thanks in advance,

Chip Panarchy

Attachment: signature.asc
Description: This is a digitally signed message part
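
The point made in the reply above, that FTP sends the login in plain text, seen from the auditing side; this is an added example, not part of the original posts. It assumes control-channel lines already reassembled from a capture (the sample records, session ids and hostnames are constructed) and reports which sessions exposed an account password, without copying the password itself.

```python
import re

# Constructed sample: (session id, "C" client or "S" server, control-channel line).
SAMPLE = [
    ("s1", "S", "220 ftp.example.test ready"),
    ("s1", "C", "USER webmaster"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS constructed-secret"),
    ("s1", "S", "230 Login successful"),
    ("s2", "C", "user anonymous"),
    ("s2", "S", "331 Send e-mail address as password"),
    ("s2", "C", "pass guest@example.test"),
    ("s3", "C", "AUTH TLS"),
    ("s3", "S", "234 Proceed with negotiation"),
]

COMMAND = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")
ANONYMOUS = {"anonymous", "ftp"}  # conventional guest logins, not real accounts


def audit_ftp_control(records):
    """Return one finding per session that sent an account password in cleartext."""
    state, findings = {}, []
    for sid, side, line in records:
        st = state.setdefault(sid, {"user": None, "auth_sent": False, "tls": False})
        if st["tls"]:
            continue  # after the 234 reply the channel is TLS; nothing readable follows
        if side == "S":
            # RFC 4217: a 234 reply to AUTH means the TLS handshake comes next.
            st["tls"] = st["auth_sent"] and line.startswith("234")
            st["auth_sent"] = False
            continue
        match = COMMAND.match(line.strip())
        if not match:
            continue
        verb, arg = match.group(1).upper(), match.group(2) or ""
        if verb == "AUTH":
            st["auth_sent"] = True
        elif verb == "USER":
            st["user"] = arg
        elif verb == "PASS" and st["user"] and st["user"].lower() not in ANONYMOUS:
            # Record only the length; the audit report must not copy the secret.
            findings.append({"session": sid, "user": st["user"], "password_length": len(arg)})
    return findings


if __name__ == "__main__":
    for finding in audit_ftp_control(SAMPLE):
        print("cleartext FTP login:", finding)
```

Session s3 produces no finding because the control channel switches to TLS before any login is sent, and s2 is skipped as a guest login.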

