yyang
-
Posts
3 -
Joined
-
Last visited
Posts posted by yyang
-
-
But I changed threads to be 1 and tried again. It does not make much difference. Any other idea? Thanks.
msf auxiliary(ftp_login) > set THREADS 1
THREADS => 1
msf auxiliary(ftp_login) > run
[*] 192.168.33.203:21 - Starting FTP login sweep
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:123456 (Unable to Connect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:12345 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:123456789 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:password (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:iloveyou (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:princess (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:1234567 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:rockyou (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:12345678 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:abc123 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:nicole (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:daniel (Unable to Connect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:babygirl (Unable to Connect: ) [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed -
Hello,
I am trying to bruteforce one of the VM machine running FTP server using metasploit framework but it does not work for me well for some reason. I mean ftp_login does not try all passowrds in the list. Does anyone know what might be wrong? Thanks.
nmap -p 21 192.168.33.203
Starting Nmap 6.40 ( http://nmap.org ) at 2014-11-20 02:16 EST
Nmap scan report for 192.168.33.203
Host is up (0.11s latency).
PORT STATE SERVICE
21/tcp open ftp
MAC Address: 00:50:56:AF:23:93 (VMware)msf auxiliary(ftp_login) > set RHOSTS 192.168.33.203
RHOSTS => 192.168.33.203
msf auxiliary(ftp_login) > set USER_FILE /usr/share/wordlists/user.txt
USER_FILE => /usr/share/wordlists/user.txt
msf auxiliary(ftp_login) > set PASS_FILE /usr/share/wordlists/rockyou.txt
PASS_FILE => /usr/share/wordlists/rockyou.txt
msf auxiliary(ftp_login) > set THREADS 50
THREADS => 50
msf auxiliary(ftp_login) > run
[*] 192.168.33.203:21 - Starting FTP login sweep
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:123456 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:12345 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:123456789 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:password (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:iloveyou (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:princess (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:1234567 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:rockyou (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:12345678 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:abc123 (Incorrect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:nicole (Unable to Connect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:daniel (Unable to Connect: )
[-] 192.168.33.203:21 FTP - LOGIN FAILED: root:babygirl (Unable to Connect: ) [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed
Metasploit ftp_login not working well
in Security
Posted
Ok. I just tried to set BRUTEFORCE_SPEED to 0, and run it again. 3 more passowrds tried this time but "Unable to connect" again after that. Is there any other options to modify the delay in this module or should I suppose this machine is not vulnerable to brute force attack and give up? Thanks.