Jump to content

Is Brute Forcing With Hydra The Best Way To Hack An Ftp Account?

teknic

By teknic
in Security

 Share

Recommended Posts

H@L0_F00 Newbie

H@L0_F00

Posted
Posted

This might help.

Bruteforce attacks against an FTP server are usually pointless because most, by default, have measure against it. You won't be able to bruteforce any FTP server that is worth anything because after about 5 bad login attempts, you will be blacklisted.

Link to comment
Share on other sites
sablefoxx Newbie

sablefoxx

Posted
Posted

A far more effective method for breaking into FTP accounts, then bruteforce, is to call the owner of the machine on a telephone and ask for their username and password.

( I'm not joking, that is actually more effective )

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted
This might help.

Bruteforce attacks against an FTP server are usually pointless because most, by default, have measure against it. You won't be able to bruteforce any FTP server that is worth anything because after about 5 bad login attempts, you will be blacklisted.

Dotn foget the valuble Tracert hack!

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted
Is brute forcing with Hydra the best way to hack an FTP account?

If you were hired to pentest something, then yes, fastest. If not, then any good IDS should see what you are doing and alert the admin, if not block your attempts. Not saying all website hosting companies are doing this though, but even the software should have a grace period after so many attmepts, waits so many minutes before you can try again. Probalby the best way is to social engineer it out of someone, or at least do some research on your target sites admin to get an idea of things to limit your tries to using stuff relavant to the users personal life. A lot of people use passwords that contain something to do with their personal life. Even security admins who know better.

Now, if you can determine the version running on the server by using something like a banner grab, you can google for results of know flaws or hacks to exploit said server. Good place for that is www.explo.it which took over the milw0rm archives and currently have new uploads on a daily basis.

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted (edited)
This might help.

Bruteforce attacks against an FTP server are usually pointless because most, by default, have measure against it. You won't be able to bruteforce any FTP server that is worth anything because after about 5 bad login attempts, you will be blacklisted.

You could use multiple proxy servers, to mascarade your IP address to possibly have a successful bruce force attack, I know it may no sound possible but its feasible.

Edited by Infiltrator
Link to comment
Share on other sites
  • 5 months later...
Infiltrator Newbie

Infiltrator

Posted
Posted (edited)
is there a way to setup hydra to cycle through different proxies as it bruteforces?

Do a search for "proxy chains", however I don't know if that will help much, since its going through different proxies, instead of cycling through them.

Another thing you could do is, look into Metasploit, and see if there is any vulnerabilities for the type of ftp server you are trying to attack.

Edited by Infiltrator
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...