bommaboy2789 Posted December 4, 2007 Share Posted December 4, 2007 My mate at skewl has recently acquired a website and hes lookin for me to try 'nd do some white hat hacking, to test its security. I figured my first attempt would be a usual blunt force trauma styled hackin, aka brute force. dose anyone here no of a good ftp username and pass word brute forcer? and if you guys have any tips on hacking him please don't heasitate to post em. p.S i am not jokin he has asked me to hack him so don't lock this please. Quote Link to comment Share on other sites More sharing options...
Sparda Posted December 4, 2007 Share Posted December 4, 2007 The best kind of attack on things like that are social engineering attacks. Try and send a email to him asking him to confirming his email username and password. If you want to go to the effort, get some one to call him (who he doesn't know) claiming to be from his host and do the same. Quote Link to comment Share on other sites More sharing options...
VaKo Posted December 4, 2007 Share Posted December 4, 2007 Nail one of his hands to a table surface, ask for his password. If he holds out, do the same with the other hand. People are always the weakest link in the security chain. Quote Link to comment Share on other sites More sharing options...
K1u Posted December 4, 2007 Share Posted December 4, 2007 My mate at skewl has recently acquired a website and hes lookin for me to try 'nd do some white hat hacking, to test its security. I figured my first attempt would be a usual blunt force trauma styled hackin, aka brute force. dose anyone here no of a good ftp username and pass word brute forcer? and if you guys have any tips on hacking him please don't heasitate to post em. p.S i am not jokin he has asked me to hack him so don't lock this please. Oh wow... no... just no. Knowing you, your not doing this for your "white hat" reasons, if I recall correctly you tried to pull this last time. Do I have any tips on hacking him... hmm let me think, you give almost no information other than its a "website", so no. Quote Link to comment Share on other sites More sharing options...
SmoothCriminal Posted December 4, 2007 Share Posted December 4, 2007 dose anyone here no of a good ftp username and pass word brute forcer? Screw brute force I would stick with the blunt force attacks. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted December 4, 2007 Share Posted December 4, 2007 [me=SomeoneE1se]laughs[/me] silly n00b blunt force trama style attacks are for 1337 h4x0rz Quote Link to comment Share on other sites More sharing options...
moonlit Posted December 4, 2007 Share Posted December 4, 2007 [me=moonlit]gives a low rumbling guffaw...[/me] Quote Link to comment Share on other sites More sharing options...
digip Posted December 4, 2007 Share Posted December 4, 2007 [me=SomeoneE1se]laughs[/me] silly n00b blunt force trama style attacks are for 1337 h4x0rz And users who carry tire irons and louisville slugger's in their trunk just in case they run into said n00bs. Quote Link to comment Share on other sites More sharing options...
sablefoxx Posted December 4, 2007 Share Posted December 4, 2007 If you want to brute force a FTP server (i have no idea why you would ever want to, as its a very ineffective method). And most FTP servers will ban you if you attempt more then 4 logons, so you'd have to get a mess of proxies, but anyway if you REALLY want to, use brutus (win32), or hydra(win32/linux) they support wordlists as well. Again, this kind of situation calls for more a SE attack, or access his physical system and try to dump some saved passwords, because people often use the same password in more then one place. "White Hat" ? Yeh ok. Quote Link to comment Share on other sites More sharing options...
Razor512 Posted December 11, 2007 Share Posted December 11, 2007 just beat your friend up until he gives you the password. brute forcing a ftp server is extremely slow and and many ftp servers have a timeout or a ban after a certain amount of failed logins which could make your brute forcing take years and you still wont be any closer to cracking the username and password, especially if you don't even know the username of the ftp login, so your brute forcing both the username and the password which will exponentially increase the time it takes Quote Link to comment Share on other sites More sharing options...
AndyzBong Posted December 24, 2007 Share Posted December 24, 2007 I agree with most that social engineering would be the best way to go about this. Perhaps a fake phishing email sent through an open mail relay server would be your best bet. You know him personally so you know the vulnerabilities in his character. Quote Link to comment Share on other sites More sharing options...
leetninja Posted December 30, 2007 Share Posted December 30, 2007 The best kind of attack on things like that are social engineering attacks. Try and send a email to him asking him to confirming his email username and password. If you want to go to the effort, get some one to call him (who he doesn't know) claiming to be from his host and do the same. Are there any websites/ tutorials for this? Thanks. Quote Link to comment Share on other sites More sharing options...
VaKo Posted December 30, 2007 Share Posted December 30, 2007 Why on earth would you need a website for that? Just use your imagination and lie, be amazed what people will belive… Quote Link to comment Share on other sites More sharing options...
leetninja Posted December 30, 2007 Share Posted December 30, 2007 I know that it would be easy. I was just wondering if there was some known tactics. I'll just use my imagination. Quote Link to comment Share on other sites More sharing options...
VaKo Posted December 30, 2007 Share Posted December 30, 2007 read some psychology and nlp papers. people will do the most stupid things for rewards. Quote Link to comment Share on other sites More sharing options...
leetninja Posted December 30, 2007 Share Posted December 30, 2007 Cool. Thanks! Quote Link to comment Share on other sites More sharing options...
digip Posted December 30, 2007 Share Posted December 30, 2007 I know that it would be easy. I was just wondering if there was some known tactics. I'll just use my imagination. Search the forums. There were some threads about where to start when learning about hacking, etc. They cover social engineering and such basic fundamentals. Also, as anyone will probably tell you, read, read, and then read some more. Not that I have a pie chart on me or anything but I would say 90% of hacking is knowledge and research and the other 10% is execution. Tinkering, trial and error. Search google and wikipedia, read tutorials and watch any videos you can get yoru hands on, but nothing will teach you more than just experimentation and trying things on your own to see what works. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted December 31, 2007 Share Posted December 31, 2007 read some psychology and nlp papers. people will do the most stupid things for rewards.enjoying your new phone VaKo? Quote Link to comment Share on other sites More sharing options...
VaKo Posted December 31, 2007 Share Posted December 31, 2007 Not new, but I like my HTC Vox Quote Link to comment Share on other sites More sharing options...
leetninja Posted December 31, 2007 Share Posted December 31, 2007 Search the forums. There were some threads about where to start when learning about hacking, etc. They cover social engineering and such basic fundamentals. Also, as anyone will probably tell you, read, read, and then read some more. Not that I have a pie chart on me or anything but I would say 90% of hacking is knowledge and research and the other 10% is execution. Tinkering, trial and error. Search google and wikipedia, read tutorials and watch any videos you can get yoru hands on, but nothing will teach you more than just experimentation and trying things on your own to see what works. Thank you very much digip! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.