Penetration Testing mailing list archives

Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?


From: p0liX <bugs () myzionetworks com>
Date: Fri, 10 Oct 2008 14:13:32 -0400

SFTP has nothing to do with the strength of the password. SFTP will only encrypt the FTP session. When logging in with FTP, the username and password are transmitted in plain text, whereas SFTP encrypts the username and password as they are transmitted. So you would need to be sniffing the end user's network while he logs in to his server with FTP to get his username and password.

You could do this and have him do the same with SFTP, then show him the results to compare and it will most likely bring things into perspective for the EU.





On Oct 10, 2008, at 10:22 AM, "Chip Panarchy" <forumanarchy () gmail com> wrote:

Hello

I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.

I know that FTP is a very old protocol... so I'm certain that there
are many holes in it. Especially in one that hasn't been maintained
for a few years.

How do I crack the password on the FTP site so that I can use that to
convince the owner of the site (a friend of mine) to switch to SFTP?

I really want to know, because no matter how hard I argue with him,
there still is no comparison to cold hard evidence. I've been trying
to convince him for the last month, but he won't budge. Finally I got
him to give me permission to attempt to hack his FTP site.

So please tell me what method I can use to hack the FTP site.

Thanks in advance,

Chip Panarchy
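
Added example, not part of the original thread: a small Python audit of what a passive observer can read from the client side of an FTP login versus an SSH session (the transport SFTP runs over). The byte strings, account name, password and the `audit_stream` helper are constructed for illustration; the password is masked in the report.

```python
import re

# Constructed client-to-server payloads (illustrative, not real captures).
FTP_CLIENT_BYTES = b"USER alice\r\nPASS S3cretExample\r\nPWD\r\nQUIT\r\n"
# SSH sends one plaintext identification line, then binary packets.
SSH_CLIENT_BYTES = b"SSH-2.0-OpenSSH_5.1\r\n" + bytes.fromhex("000001a4071e9c3fd2")

# FTP control commands are a 3-4 letter verb, optionally followed by an argument.
FTP_CMD = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?$")


def audit_stream(payload: bytes) -> dict:
    """Summarise what is readable in one client stream (hypothetical helper)."""
    if payload.startswith(b"SSH-"):
        # Only the identification string is readable; login happens after
        # key exchange, inside the encrypted channel.
        banner = payload.split(b"\n", 1)[0].strip().decode("ascii", "replace")
        return {"protocol": "ssh", "readable": [banner],
                "credentials_exposed": False}

    report = {"protocol": "unknown", "readable": [],
              "credentials_exposed": False}
    user_seen = False
    for line in payload.split(b"\r\n"):
        match = FTP_CMD.match(line)
        if not match:
            continue
        verb = match.group(1).upper().decode("ascii")
        arg = (match.group(2) or b"").decode("latin-1")
        if verb == "USER":
            report["protocol"] = "ftp"
            user_seen = True
        elif verb == "PASS":
            # The password crossed the wire in cleartext; mask it here.
            report["credentials_exposed"] = user_seen
            arg = "*" * len(arg)
        report["readable"].append(f"{verb} {arg}".strip())
    return report


if __name__ == "__main__":
    for name, data in (("FTP", FTP_CLIENT_BYTES), ("SSH", SSH_CLIENT_BYTES)):
        print(name, audit_stream(data))
```
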


