FTP brute-force attacks are the most common attack on FTP servers. We simply set up a tool to test different combinations of usernames and passwords from wordlists against the FTP authentication system, but if the username or password isn't on those wordlists, the attack fails. We need to create a custom wordlist for each company based on all the data we collect during the recon phase.
Prepare to Brute force FTP Service
Before attacking any system or service, it is necessary to prepare our system and network so the attack runs more efficiently. Check that the FTP protocol isn't being blocked by a firewall between your machine and the target system, and collect all the wordlists you need.
Sometimes we want to attack a specific username, such as administrator or the root user; in this case we just need a wordlist of passwords to use against that specific username. In other cases we have a wordlist of usernames and the objective is to crack some accounts; in this case I recommend a wordlist with the Top 100 passwords used.
Here we will test a wordlist against the root user on a Linux system. All we need is the IP address of the target system, the port number of the FTP service (usually 21) and the wordlist with the Top 100 passwords used.
There are tons of wordlists on the internet you can use, but I will share some of my personal lists with you. The ideal approach is to create a specific list for each target based on all the data collected during the recon phase and using OSINT.
Tools to Brute force FTP Servers
There are several tools to crack the FTP protocol; the most well-known is THC-Hydra. It is very intuitive and can crack different kinds of network services. Another great option is Nmap using the NSE engine.
- Nmap NSE Engine
What to expect during the Attack
- Network filters and Rules
- Limit Failed logins attempts
- Known usernames blocked from remote access
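The "limit failed login attempts" control above, seen from the server side: an added example (not part of the original post) that counts failed FTP logins per client in a sliding time window and flags clients that cross a threshold. The log line format (vsftpd-style), the function name detect_bruteforce, the threshold and window values, and the sample log lines are all assumptions constructed for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed vsftpd-style line:
# Sat Mar  2 10:15:01 2024 [pid 4121] [root] FAIL LOGIN: Client "203.0.113.7"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"peak", "users", "success_after"}} for every client with
    at least `threshold` failed logins inside one sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    users = defaultdict(set)      # ip -> usernames it failed to log in as
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # ignore transfers, connects, malformed lines
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        ip = m["ip"]
        if m["result"] == "OK":
            # A success after an alert suggests a guessed password: escalate.
            if ip in alerts:
                alerts[ip]["success_after"] = True
            continue
        users[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault(
                ip, {"peak": 0, "users": users[ip], "success_after": False})
            a["peak"] = max(a["peak"], len(q))
    return alerts

# Constructed sample: six rapid failures then a success from one client,
# and a single mistyped password from another.
SAMPLE_LOG = [
    f'Sat Mar  2 10:15:{s:02d} 2024 [pid 4121] [root] FAIL LOGIN: Client "203.0.113.7"'
    for s in range(1, 12, 2)
] + [
    'Sat Mar  2 10:15:13 2024 [pid 4127] [root] OK LOGIN: Client "203.0.113.7"',
    'Sat Mar  2 10:20:00 2024 [pid 4130] [alice] FAIL LOGIN: Client "198.51.100.20"',
    'Sat Mar  2 10:20:30 2024 [pid 4131] [alice] OK LOGIN: Client "198.51.100.20"',
]

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

An alert with success_after set is the case to triage first: the flagged client went on to authenticate, so the account's password should be treated as compromised.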
Brute Force FTP login Hydra
hydra -l admin -P Top_100_Passwords.txt ftp://localhost/
Brute Force FTP login Metasploit
Start Metasploit and search for ftp bruteforce
Brute Force FTP login Nmap
nmap --script ftp-brute -p 21 --script-args userdb=/root/Top_10_UserAdmins.txt,passdb=/root/Top_100_Passwords.txt <IP>