Penetration Testing mailing list archives
Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd?
From: Jon Kibler <Jon.Kibler () aset com>
Date: Fri, 10 Oct 2008 13:57:39 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chip Panarchy wrote:
Hello I was wondering if I could have some help in 'hacking'/'cracking' an FTP site.
Chip, No need to 'crack' ftp passwords... they are sent in the clear! Basically, all you need to do is to sniff the network. Wireshark will even format the capture to clearly show the ftp password. (If you demo this, after sniffing an ftp password, make a connection using sftp while sniffing the network... no password can be seen.) If you are on a switched network, you can either wire a hub between the switch and the router and sniff from there, or use ethercap or a similar package to ARP spoof the default gateway, routing traffic first to you and then to the real default gateway port. I hope this helps! Jon Kibler - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvl5MACgkQUVxQRc85QlMmwwCgjm3FT5x+lr7ySBrliuY3bpsh jhsAoJhIjjptFxHka4V8kRNWbGIxC3GB =ojZg -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Security Trends Report from Cenzic Stay Ahead of the Hacker Curve! Get the latest Q2 2008 Trends Report now www.cenzic.com/landing/trends-report ------------------------------------------------------------------------
Current thread:
- Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Chip Panarchy (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jon Kibler (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? p0liX (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Gustavo Castro (Oct 10)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Chip Panarchy (Oct 11)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jimmy Brokaw (Oct 12)
- RE: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Craig Wilson (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Robin Wood (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Jon Kibler (Oct 12)
- Re: Cracking FTP password so that I can convince people not to use FTP, and to instead use SFTP? How do I crack the pwd? Adriel Desautels (Oct 12)