In this video we will see how to find open ports and hack the FTP login with wordlist and Metasploit
Using Metasploit to hack FTP login
Steps and instructions -
FTP open ports are very delicious for hackers. Though not get to see open these days.
Metasploit - The hackers framework tool.
FTP port - The FTP, or the File Transfer Protocol, makes it possible for users to exchange files between their personal computers and remote servers with the help of specialized software tools called FTP clients.
Requirements for this hack -
* Kali Linux
* Metasploit (inbuilt in Kali)
* Password and User name lists (available here and here)
Note - You can use any wordlist, as you require. It depends on the target.
Steps -
* Open a terminal and type "msfconsole" to run metasploit
* After you get the console, we need to scan open ports with NMAP.
Type "nmap -F -Pn targetIP"
As you can see that we have caught a open port which is FTP.
* Now we need to search a good exploit for the FTP login.
Type in "search ftp"
(It will load slowly)
We will get a hell lot of modules and auxiliaries.
I know a perfect auxiliary for this.
So we will search "search ftp_login"
You will get only one auxiliary after this search.
If you want to see more info about this auxiliary, type "info auxiliary/scanner/ftp/ftp_login"
You can read and explore this info.
But today we will use this exploit.
* Type in "use auxiliary/scanner/ftp/ftp_login"
Lets see the options of this auxiliary (requires to set up)
Type "show options"
As you can see, we need to set up the options here.
To set the target type - "set RHOSTS targetIP"
To set threads type - "set THREADS 30"
To set the username - "set USERNAME root"
(You can use username as you want, I have shared the username list in requirements above)
Or you can give the path to the username list.
Here is the username list I am using
The setup for the options
After setting up the RHOSTS, THREDS and USERNAME, we will give the path of the password file which I have saved on the Desktop.
Type "set PASS_FILE Desktop/Password List.txt"
Note - Deskto/ is the path
Password List.txt is the file name.
This is my password list
Everything is ready, just type "run"
And the password cracking will start.
Note - The tab for every tried password is red. That's because the password is incorrect.
When it hits the right password the tab will go green and will not stop until it finishes the whole wordlist.
Press ctrl+c to stop at anytime.
If you are not getting the right login, you may need to change the username to something other like admin or administrator if you haven't given the username list path as I had given only one name manually.
This process can take a lot of time. It depends upon the wordlist, username, internet speed and you social engineering skills.
After you get the user name and password you can access the FTP server and exploit or do what ever you want to do man, but don't trouble your mother man.
Thank you guys for reading the tutorial.
I have made a set of Metasploit Tutorials from the beginning. You may want to see them here.
Other posts -
I get a lot of great information here and this is what I am searching for. Thank you for your sharing. I have bookmark this page for my future reference. Search aws jobs in hyderabad.
ReplyDelete