Penetration Testing mailing list archives

Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?


From: "Gustavo Castro" <gcastrop () gmail com>
Date: Fri, 10 Oct 2008 17:09:21 -0200

Chip:

  Cracking an FTP server may not be the best way to prove that.
  What I did some time ago was set up a small scenario with three
machines (a "server", a client and my notebook) and start sniffing
traffic on my notebook between the server and the client. Then, I
told people to try different services and just told them which
user/password they had used. Almost one hour of setup (creating
accounts for a bunch of people to check into SMTP/POP3, FTP, HTTP and
TELNET services), and two hours of presentation, but worth it indeed.
  Most people don't understand how the internet works, so they are unaware
of the security implications of these protocols, but this presentation
was a success, mostly because everyone left the room with the
helpless sensation of insecurity that was the objective of the whole
thing. When you simply say "Oh, this happens every single day,
everywhere, but nobody knows about it...", you can see them opening
their eyes in panic....
  Try something like that with your friend (on a smaller scale of
course, or invite a few more friends to justify your efforts and
maximize your fun), and he will surely follow your directions into
whatever you want.

2008/10/10 Chip Panarchy <forumanarchy () gmail com>:
Hello

I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.

I know that FTP is a very old protocol... so I'm certain that there
are many holes in it. Especially in one that hasn't been maintained
for a few years.

How do I crack the password on the FTP site so that I can use that to
convince the owner of the site (a friend of mine) to switch to SFTP?

I really want to know, because no matter how hard I argue with him,
there still is no comparison to cold hard evidence. I've been trying
to convince him for the last month, but he won't budge. Finally I got
him to give me permission to attempt to hack his FTP site.

So please tell me what method I can use to hack the FTP site.

Thanks in advance,

Chip Panarchy




-- 
Saludos,
     Gustavo Castro Puig.
     E-Mail: gcastrop () gmail com

LPI Level-1 Certified (https://www.lpi.org/es/verify.html
LPID:LPI000042304 Verification Code: hp6re8w5qg )
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM/IT/ED dx s-:- a? C(+++)$ UL++++*$ P+ L++++(++)$ E--- W+++$ N+ o?
K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++(++++) DI+++
D++ G++ e++ h--- r y+++
------END GEEK CODE BLOCK------
Registered Linux User #69342
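
The point of the demonstration described in the reply above, as an added example that is not part of the original post: an audit helper that flags credentials readable in plaintext on FTP, POP3 and HTTP Basic traffic, recording usernames but only the length of any exposed password. The function names, the port-to-protocol mapping and the sample payloads are assumptions constructed for illustration.

```python
import base64
import re

USER_PASS = re.compile(rb"^(USER|PASS)\s+(.+)$", re.I)
BASIC = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)$", re.I)
PORTS = {21: "FTP", 110: "POP3", 80: "HTTP"}  # assumed default ports


def redact(secret: bytes) -> str:
    """Record only that a secret was exposed, never the secret itself."""
    return f"<{len(secret)} bytes exposed>"


def audit(dst_port: int, payload: bytes) -> list:
    """Return (protocol, field, value) for credentials readable on the wire."""
    proto = PORTS.get(dst_port)
    findings = []
    if proto is None:
        return findings
    for line in payload.split(b"\r\n"):
        if proto in ("FTP", "POP3") and (m := USER_PASS.match(line)):
            field = m.group(1).upper().decode()
            value = m.group(2)
            shown = value.decode(errors="replace") if field == "USER" else redact(value)
            findings.append((proto, field, shown))
        elif proto == "HTTP" and (m := BASIC.match(line)):
            # Basic auth is base64: an encoding, not encryption.
            try:
                user, _, pw = base64.b64decode(m.group(1), validate=True).partition(b":")
            except ValueError:
                continue  # malformed header, nothing to report
            findings.append((proto, "USER", user.decode(errors="replace")))
            findings.append((proto, "PASS", redact(pw)))
    return findings


# Constructed sample payloads (not captured traffic).
SAMPLES = [
    (21, b"USER alice\r\nPASS s3cret!\r\n"),
    (80, b"GET / HTTP/1.1\r\nHost: intranet.example\r\n"
         b"Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"),
    (22, b"SSH-2.0-OpenSSH_5.1\r\n"),  # SFTP runs over SSH: nothing readable
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, audit(port, data))
```
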
