How to Hack an FTP Login
FTP open ports are very interesting targets for hackers. Even though very little are actually seen open today there are still quite a few unsecured on the net and if you are one of those admins, you may find yourself in a world of trouble. In this guide we will see how to find open ports and hack the FTP login with a wordlist or the infamous Metasploit framework.
Disclaimer: Before I go over the steps to do this I’d like to note that attacking someone’s network, computer or website without their permission is illegal in the United States and in most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or on someone’s who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular attackers (Anonymous) have either been or currently are in Federal prison. Do not be unethical.
*Windows or Linux
*Password & Username lists (available here)
Download and install Metasploit Framework (Pre-installed on Kali Linux)
Open a terminal and type “msfconsole” to run Metasploit. After you get the console, we need to scan open ports with NMAP.
Type “nmap -F -Pn targetIP”. Search for an open port (FTP) to catch.
Now you need to search for a good exploit for the FTP login. Type in “search ftp” (It will load slowly). You will get a quite a lot of modules and auxiliaries.
I know a very good auxiliary for this. So we will search “search ftp_login”. You will get only one auxiliary after this search. If you want to see more info about this auxiliary, type “info auxiliary/scanner/ftp/ftp_login”. You can read and explore this info.
But for this guide we will use this exploit.
Type in “use auxiliary/scanner/ftp/ftp_login”. Now, it is time to see the options for this auxiliary (required to set up).
Type “show options”. You will need to set up the options here.
To set the target type – “set RHOSTS targetIP”
To set threads type – “set THREADS 30”
To set the username – “set USERNAME root”
(You can use username as you want, I have shared the username list in requirements above). Or you can give the path to the username list.
After setting up the RHOSTS, THREDS and USERNAME, we will give the path of the password file which I have saved on the Desktop. Type “set PASS_FILE Desktop/Password List.txt” (Deskto/ is the path). Password List.txt is the file name.
You can use the password list provided here or your own.
Everything is ready, just type “run” and the password cracking will start. You’ll notice that the tab for every tried password is red. That’s because the password is incorrect. When it hits the right password the tab will go green and will not stop until it finishes the whole wordlist. Press ctrl+c to stop at anytime.
If you are not getting the right login, you may need to change the username to something other like admin or administrator if you haven’t given the username list path as I had given only one name manually. This process can take a lot of time. It depends upon the wordlist, username, internet speed and your social engineering skills.
After you get the username and password you can access the FTP server and exploit or do whatever you want to do but always remember… don’t be a dick. That is all. Thanks for reading.