The only methods I know on cracking an FTP site, still apply to SFTP.
SFTP has several improvements, namely point-to-point encryption, but
when it comes to login, they can both be exploited the same way. Brute
force or dictionary attack.
If you want to show something to your friend, run Wireshark and capture
the password he used to login to his site. Make him use SFTP and show
him the difference. You'll be showing the biggest problem with FTP -
plain text.
On Sat, 2008-10-11 at 01:22 +1100, Chip Panarchy wrote:
> Hello
>
> I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.
>
> I know that FTP is a very old protocol... so I'm certain that there
> are many holes in it. Especially in one that hasn't been maintained
> for a few years.
>
> How do I crack the password on the FTP site so that I can use that to
> convince the owner of the site (a friend of mine) to switch to SFTP?
>
> I really want to know, because no matter how hard I argue with him,
> there still is no comparison to cold hard evidence. I've been trying
> to convince him for the last month, but he won't budge. Finally I got
> him to give me permission to attempt to hack his FTP site.
>
> So please tell me what method I can use to hack the FTP site.
>
> Thanks in advance,
>
> Chip Panarchy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
SFTP has several improvements, namely point-to-point encryption, but
when it comes to login, they can both be exploited the same way. Brute
force or dictionary attack.
If you want to show something to your friend, run Wireshark and capture
the password he used to login to his site. Make him use SFTP and show
him the difference. You'll be showing the biggest problem with FTP -
plain text.
Tiago
-
.--.
|o_o | Tiago 'gouki' Faria [ gouki (at) goukihq (dot) org [email concealed] ]
|:_/ |
// \ \ Jabber: gouki (at) goukihq (dot) org [email concealed]
(| | ) WWW: http://goukihq.org
/'\_ _/`\___)=(___/
On Sat, 2008-10-11 at 01:22 +1100, Chip Panarchy wrote:
> Hello
>
> I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.
>
> I know that FTP is a very old protocol... so I'm certain that there
> are many holes in it. Especially in one that hasn't been maintained
> for a few years.
>
> How do I crack the password on the FTP site so that I can use that to
> convince the owner of the site (a friend of mine) to switch to SFTP?
>
> I really want to know, because no matter how hard I argue with him,
> there still is no comparison to cold hard evidence. I've been trying
> to convince him for the last month, but he won't budge. Finally I got
> him to give me permission to attempt to hack his FTP site.
>
> So please tell me what method I can use to hack the FTP site.
>
> Thanks in advance,
>
> Chip Panarchy
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQBI746WvJin5DSCuhcRAmomAJ9AZKAnA/DDjZB83Ti/js+jqUMJXACdHW5E
BW14J+IQdHhqsWDF0ECz3HA=
=x1Tf
-----END PGP SIGNATURE-----
[ reply ]