teknic Posted April 23, 2010
Is brute forcing with Hydra the best way to hack an FTP account?

H@L0_F00 Posted April 23, 2010
No

teknic (Author) Posted April 23, 2010
So how would you do it?

H@L0_F00 Posted April 23, 2010
This might help. Bruteforce attacks against an FTP server are usually pointless because most, by default, have measures against it. You won't be able to bruteforce any FTP server that is worth anything because after about 5 bad login attempts, you will be blacklisted.

sablefoxx Posted April 23, 2010
A far more effective method for breaking into FTP accounts than bruteforce is to call the owner of the machine on a telephone and ask for their username and password. (I'm not joking, that is actually more effective.)

digip Posted April 23, 2010
> This might help. Bruteforce attacks against an FTP server are usually pointless because most, by default, have measures against it. You won't be able to bruteforce any FTP server that is worth anything because after about 5 bad login attempts, you will be blacklisted.

Don't forget the valuable Tracert hack!

digip Posted April 23, 2010
> Is brute forcing with Hydra the best way to hack an FTP account?

If you were hired to pentest something, then yes, fastest. If not, then any good IDS should see what you are doing and alert the admin, if not block your attempts. Not saying all website hosting companies are doing this though, but even the software should have a grace period after so many attempts, waits so many minutes before you can try again.

Probably the best way is to social engineer it out of someone, or at least do some research on your target site's admin to get an idea of things to limit your tries to using stuff relevant to the user's personal life. A lot of people use passwords that contain something to do with their personal life. Even security admins who know better.

Now, if you can determine the version running on the server by using something like a banner grab, you can google for results of known flaws or hacks to exploit said server. Good place for that is www.explo.it which took over the milw0rm archives and currently have new uploads on a daily basis.

Infiltrator Posted April 23, 2010 (Edited April 23, 2010 by Infiltrator)
> This might help. Bruteforce attacks against an FTP server are usually pointless because most, by default, have measures against it. You won't be able to bruteforce any FTP server that is worth anything because after about 5 bad login attempts, you will be blacklisted.

You could use multiple proxy servers to masquerade your IP address to possibly have a successful brute force attack. I know it may not sound possible but it's feasible.

theyettihunta Posted October 12, 2010
Is there a way to set up Hydra to cycle through different proxies as it bruteforces?

Infiltrator Posted October 15, 2010 (Edited October 15, 2010 by Infiltrator)
> Is there a way to set up Hydra to cycle through different proxies as it bruteforces?

Do a search for "proxy chains", however I don't know if that will help much, since it's going through different proxies, instead of cycling through them. Another thing you could do is look into Metasploit, and see if there are any vulnerabilities for the type of FTP server you are trying to attack.

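From the defender's side, the per-source blacklist and the proxy rotation raised in this thread correspond to two counters over the FTP auth log: failed logins per source IP and failed logins per account across all sources. This is an added example, not code from any poster; the vsftpd-style log format, the sample lines and the thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (vsftpd-style format is an assumption; adapt LINE_RE to your server).
SAMPLE_LOG = "\n".join(
    # five failures for one account from a single source
    [f'Fri Apr 23 10:00:0{i} 2010 [pid 2] [bob] FAIL LOGIN: Client "198.51.100.7"'
     for i in range(5)]
    # six failures for one account, each from a different source
    + [f'Fri Apr 23 10:01:0{i} 2010 [pid 2] [alice] FAIL LOGIN: Client "203.0.113.{10 + i}"'
       for i in range(6)]
    + ['Fri Apr 23 10:02:00 2010 [pid 2] [carol] OK LOGIN: Client "192.0.2.4"'])

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect(log_text, per_ip_limit=5, per_user_limit=5, window=timedelta(minutes=10)):
    """Return (flagged_ips, flagged_users) for failures inside a sliding window.

    flagged_users maps each account to the number of distinct source IPs
    seen in its window when the limit was last reached.
    """
    by_ip, by_user = defaultdict(deque), defaultdict(deque)
    flagged_ips, flagged_users = set(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "FAIL":
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        for key, table in ((m["ip"], by_ip), (m["user"], by_user)):
            q = table[key]
            q.append((ts, m["ip"]))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
        if len(by_ip[m["ip"]]) >= per_ip_limit:
            flagged_ips.add(m["ip"])
        user_q = by_user[m["user"]]
        if len(user_q) >= per_user_limit:
            flagged_users[m["user"]] = len({ip for _, ip in user_q})
    return flagged_ips, flagged_users

if __name__ == "__main__":
    ips, users = detect(SAMPLE_LOG)
    print("sources over limit:", sorted(ips))
    print("accounts over limit (distinct sources):", users)
```

In the sample, the per-IP counter flags only the single noisy source, while the per-account counter also flags the account whose failures arrive from six different addresses, which is the case a per-IP blacklist alone does not see.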