Penetration Testing mailing list archives
Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?
From: "Gustavo Castro" <gcastrop () gmail com>
Date: Fri, 10 Oct 2008 17:09:21 -0200
Chip: Crack a FTP server may not be the best way to prove that. What I did some time ago was setup a small scenario with three machines (a "server", a client and my notebook) and start sniffing traffic int my notebook between the server and the client. Then, I told people to try different services and just tell them which user/password they have used. Almost one hour of setup (creating accounts for a bunch of people to check into SMTP/POP3, FTP, HTTP and TELNET services), and two hours of presentation, but worth indeed. Most people don't understand how internet works, so they are unaware of the security implicatios of this protocols, but this presentation was a success, mostly because everyone leaved the room with the helpless sensation of insecurity that was the objective of the whole thing. When you simply say "Oh, this happens every single day, everywhere, but nobody knows about it...", you can see them opening their eyes in panic.... Try something like that with your friend (in a smaller scale of course, or invite a few more friends to justify your efforts and maximize your fun), and he will surely follow your directions into whatever you want. 2008/10/10 Chip Panarchy <forumanarchy () gmail com>:
Hello I was wondering if I could have some help in 'hacking'/'cracking' an FTP site. I know that FTP is a very old protocol... so I'm certain that there are many holes in it. Especially in one that hasn't been maintained for a few years. How do I crack the password on the FTP site so that I can use that to convince the owner of the site (a friend of mine) to switch to SFTP? I really want to know, because no matter how hard I argue with him, there still is no comparison to cold hard evidence. I've been trying to convince him for the last month, but he won't budge. Finally I got him to give me permission to attempt to hack his FTP site. So please tell me what method I can use to hack the FTP site. Thanks in advance, Chip Panarchy
-- Saludos, Gustavo Castro Puig. E-Mail: gcastrop () gmail com LPI Level-1 Certified (https://www.lpi.org/es/verify.html LPID:LPI000042304 Verification Code: hp6re8w5qg ) -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS/CM/IT/ED dx s-:- a? C(+++)$ UL++++*$ P+ L++++(++)$ E--- W+++$ N+ o? K- w O M V-- PS PE++(-) Y-(+) PGP+ t(++) 5+ X++ R tv+ b++(++++) DI+++ D++ G++ e++ h--- r y+++ ------END GEEK CODE BLOCK------ Registered Linux User #69342 ------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Chip Panarchy (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jon Kibler (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? p0liX (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Gustavo Castro (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Chip Panarchy (Oct 11)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jimmy Brokaw (Oct 12)
- RE: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Craig Wilson (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Robin Wood (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jon Kibler (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Adriel Desautels (Oct 12)