Hacking FTP
- = / Telnet Introduction \ - =

Telnet was a very generous program back in the day, especially for programmers and businessmen: it gave them the ability to connect to their remote servers from a faraway location, such as on a trip, a journey, etc. What telnet does is connect to the person's I.P. address (Internet Protocol) and a port. The port is used for communication, to state what part they want to connect to (examples: SMTP, FTP, SSH, etc.), and then when they insert the data it brings back the information to the user through a text-based platform.

- = / Is telnet illegal? \ = -

It honestly depends on what you are using it for. If you're using it to transfer protocols and data throughout a network, then it is legal. If you are using it to gain access to a network, it is illegal.

- = / What is an FTP \ = -

FTP stands for File Transfer Protocol. It is used to send and archive commands about files, but when an attacker gets access to your FTP, they can view your files, download them, and even upload them if they wanted to.

- = / Protection \ = -

Protection is the most important part in this tutorial, if you do not want to get raided by the FBI do not bother reading this part.. Here is a recommended VPN (Virtual Private Server) that goes by the name of Hotspot Shield.

Download: http://www.hotspotshield.com

After you install it, you're shielded and ready to go! If you have some problems during the FTP attack with the VPN, disable the shield for a minute or two.

- = / Lets begin \ - =

First, you want to download Nmap. You can download it here, just choose your installation type and you're ready to go: http://nmap.org/download.html

After downloading Nmap, open up "Command Prompt":

Windows Vista - Start >> Search cmd >> open >> Type nmap your-target-here.com
Windows XP - Run >> Type cmd and/or command prompt >> type nmap your-target-here.com

Then your scan thread should start. Go grab yourself a coffee, and when you're back all the open ports should be listed there.

You better hope Port 21 is opened, because that port is qualified for our FTP attack.

If it's closed -------- Try another victim
If it's opened -------- continue reading on!

Now that we passed that part, we now got to do some vulnerability testing. First, we got to try commonly used passwords. So you open up Command Prompt and type in ftp your-target-here.com

Now you're connected to the protocol, but not the network. So let's try out some default passwords first.

r00t:r00t
root:root
Fred:Fred
r00t:Password
root:password
Admin:password
Administrator:Password
Admin:pass123
Admin:qwerty
Admin:Site-name-here
Owner:administrator
Admin:god
Admin:secret
Admin:Sex
Admin:love
Admin:Password123
Admin:ftp360
Admin:ftp21
Admin:2sexy
Admin:qwert

I came across default passwords for UNIX systems, so I recommend you try these as well: http://www.securityspace.com/smysecure/c...x+Accounts

Those are some commonly used ones I have come across before. Test all those first; if you don't get a successful reply, continue reading on. Also, some FTP servers have an anonymous login, meaning it has no PWD, or you can log in with anything. So, try the default passwords, and check if the system has an anonymous login.

The next method I am going to show you is called PHF. PHF was first discovered when two young teenagers got full access to the fbi.gov site using the PHF method. But what exactly does it do? It is a file located in the cgi-bin which gives remote access to all files, including /etc/passwd/

Here is an example for you: http://TargetHere.com/cgi-bin/phf?Qalias...etc/passwd

That is PHF.

The other way is social engineering. If you got some information, you should know the host type they have; in this case, let's say, FanFusion. FanFusion is used by people who want to build a website for a person they like, for example wrestlers, celebrities, etc.
I will contact the Administrator, tell them my (victim's) email is not working so I cannot use the link for forgetting the password, and tell the admin what pass I want for our target. That is Social Engineering; it works a lot of times.

If we cannot use Social Engineering, and the attempt failed, we can use a different method called "Brute Forcing". We will use 'Brutus' in our attempt.

Download Brutus: http://www.hoobie.net/brutus/

It allows FTP bruting, telnet bruting, etc. Start it up and enter the IP in Target. In Type, press it and select FTP. In Port, type in 21, since that is the main port for FTP. Then move down to Authentication Options. Now, on your desktop, create users.txt and passwords.txt; they have to include names and passwords. In a simpler explanation:

Users.txt: The users (Usernames)
Passwords.txt (Passwords)

Now press Start, and it should start scanning. Take a nap, wake up, start up your computer, and pray the password is cracked..

- = / What to do when you're in \ - =

You can upload a shell, c99, mshell2, etc. To do that type in mput, (without the comma) then it will ask for the local files. You will put where the shell is saved, for example, C:\users\r00t\c99.php then press enter and then it downloads it to the directory. Then go to the site, and after the / put in the file name you labeled on the shell, for example, SITE-Here.com/c99.php then it should redirect you to your shell.

If you want to scan the files, type in dir, (without the comma), then it should display all the files. Remember, some can be .FileName and others can be just FileName. Now to open the file, type in dir .filename then it should display the contents; if you want to view the file, type in dir .filename what-you-want-to-see

Remember, some can be .filename and others can be just filename without the period. You can also delete files: just simply type in mdelete or delete, then enter the remote file and press enter..

Reply me If u like it. Thanx
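
Seen from the server side, the default-password and Brutus attempts, the anonymous login check and the shell upload described in this post all leave entries in the FTP daemon's log. The following is an added example, not part of the original post: a Python log check that flags each of them. The log lines are constructed and follow vsftpd's own log style, which is an assumption about the server in use; `analyze`, the threshold of 5 and the extension list are illustrative choices.

```python
import re
from collections import Counter

# Constructed sample in the style of vsftpd's own log file (format is an assumption).
SAMPLE_LOG = """\
Mon Mar  4 02:11:01 2024 [pid 4101] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 02:11:03 2024 [pid 4102] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 02:11:05 2024 [pid 4103] [Admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 02:11:07 2024 [pid 4104] [Admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 02:11:09 2024 [pid 4105] [Admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 02:11:11 2024 [pid 4106] [Admin] OK LOGIN: Client "203.0.113.7"
Mon Mar  4 02:12:40 2024 [pid 4107] [Admin] OK UPLOAD: Client "203.0.113.7", "/var/www/html/c99.php", 48211 bytes, 95.10Kbyte/sec
Mon Mar  4 03:00:15 2024 [pid 4120] [ftp] OK LOGIN: Client "198.51.100.9", anon password "guest@"
Mon Mar  4 09:30:02 2024 [pid 4200] [alice] FAIL LOGIN: Client "192.0.2.20"
Mon Mar  4 09:30:10 2024 [pid 4201] [alice] OK UPLOAD: Client "192.0.2.20", "/home/alice/report.pdf", 1024 bytes, 10.00Kbyte/sec
"""

LINE_RE = re.compile(r'\[(?P<user>[^\]]*)\] (?P<status>OK|FAIL) (?P<action>LOGIN|UPLOAD): '
                     r'Client "(?P<ip>[^"]+)"(?:, "(?P<path>[^"]+)")?')
SCRIPT_EXT = (".php", ".phtml", ".asp", ".aspx", ".jsp", ".cgi")
ANON_USERS = {"ftp", "anonymous"}

def analyze(log_text, fail_threshold=5):
    """Return sorted (kind, ip, detail) findings for the FTP abuse patterns above."""
    fails, findings = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, ip, ok = m["user"], m["ip"], m["status"] == "OK"
        if m["action"] == "LOGIN" and not ok:
            fails[ip] += 1
        elif m["action"] == "LOGIN" and user.lower() in ANON_USERS:
            findings.append(("anonymous-login", ip, user))
        elif m["action"] == "LOGIN" and fails[ip] >= fail_threshold:
            # A success right after a burst of failures: a guess probably worked.
            findings.append(("login-after-guessing", ip, user))
        elif m["action"] == "UPLOAD" and ok and (m["path"] or "").lower().endswith(SCRIPT_EXT):
            findings.append(("script-upload", ip, m["path"]))
    findings += [("password-guessing", ip, f"{n} failed logins")
                 for ip, n in fails.items() if n >= fail_threshold]
    return sorted(findings)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

A single failed login followed by an ordinary upload (the `alice` lines) produces no finding; an `anonymous-login` finding matters only on servers where anonymous access is not intended.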

