NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2008-10

RE: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?

From: Craig Wilson (cwilsonppilearning.com)
Date: Sat Oct 11 2008 - 14:52:35 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Chip,

You say the site will be remote - if your looking to listen to the traffic and show the insecure username\password\traffic flow then your 'sniffing' machine will need to be able to see the traffic. Or, am I misunderstanding you and you wish to 'hack' the FTP site itself?

If you are looking to hack the site then the security of the site is what is important - the Secure part of SFTP is only the portion from the site to the client.

Cheers,
Craig

________________________________________
Craig Wilson
Senior IT Network Administrator & Support Analyst
T. 0207 264 5113
M. 07899895510
F. 02072645101
E. cwilsonppilearning.com
W. http://www.ppilearning.com/
P Think Green - Please do not print this email unless you really need to
http://www.ppilearning.com/promotions/winserver2008register.php

This email and any attachments are confidential information and solely intended to be read by the email addressees above. If you inadvertently receive this email, your access is unauthorised and you may not copy, disclose, distribute or otherwise use this email and its contents. If you have received this email in error, please inform us immediately at mailto:SAPPILearning.com and delete all copies from your system. PPI Learning Services accepts no legal liability for the contents of this email including any errors, interception or interference, as internet communications are not secure. Whilst PPI Learning Services and the sender have taken every precaution to prevent transmission of computer viruses, should this inadvertently occur we do not accept any liability. Any offer or acceptance of a contract for goods or services made in this email is subject to our standard terms and conditions (available on request), unless other terms and conditions have been agreed in writing between authorised signatories of the parties. PPI Learning Services Limited. Registered Address: 3-5 Crutched Friars, London, EC3N 2HR. Registered in United Kingdom Company Number 06008725

________________________________________

From: listbouncesecurityfocus.com [listbouncesecurityfocus.com] On Behalf Of Chip Panarchy [forumanarchygmail.com]
Sent: 11 October 2008 12:47
To: security-basicssecurityfocus.com; pen-testsecurityfocus.com
Subject: Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?

Well thanks for the replies guys.

The most helpful ones (apart from the ones explaining how the protocol
works and differences between that and SFTP etc.) were the ones that
suggested I use;

Brutus or Hydra. (oh, and Metasploit)

As my 'live-hack' will involve crack the FTP site remotely (completely
different network, thus making Wireshark less useful).

Hopefully I can get one of these programs to work.

Thanks, and please don't hesitate to continue to suggest

Panarchy

On Sat, Oct 11, 2008 at 1:22 AM, Chip Panarchy <forumanarchygmail.com> wrote:
> Hello
>
> I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.
>
> I know that FTP is a very old protocol... so I'm certain that there
> are many holes in it. Especially in one that hasn't been maintained
> for a few years.
>
> How do I crack the password on the FTP site so that I can use that to
> convince the owner of the site (a friend of mine) to switch to SFTP?
>
> I really want to know, because no matter how hard I argue with him,
> there still is no comparison to cold hard evidence. I've been trying
> to convince him for the last month, but he won't budge. Finally I got
> him to give me permission to attempt to hack his FTP site.
>
> So please tell me what method I can use to hack the FTP site.
>
> Thanks in advance,
>
> Chip Panarchy
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]