It reveals the basics of hacking a FTP server using dictionary search technique. Here are the steps involved.
1) Download the software hydra 5.4 form the below mentioned link.
http://freeworld.thc.org/thc-hydra/
2) Save files in any location. For convenience download the files in c:\.
3) For this demonstration a basic FTP server is setup on the network with IP address 192.168.1.4 (port 21)
4) Open a command prompt and navigate to the hydra folder. Type “hydra“or “hydra—help“to access the built-in help.
5) Type the syntax in a notepad before entering into command prompt.
6) Type the following syntax “hydra -| user –P dic.txt –e ns -vV 192.168.1.4 ftp “into notepad. Copy the syntax and paste it in command prompt. press enter.
7) The dict.txt contains the keywords for checking the FTP server password and username.
8) For demonstration purpose the dictionary fie is named”dic.txt” with some fake words and one real password of the FTP server and also the user name is already known as “user”. Hydra will find the password.
9) Hydra found the password“darkness“for this demonstration. Now that we have a username/password pair we can login to the server access the files in the ftp server.
10) Depending on the privileges of the account you got access to edit/delete/upload files. Use a Ftp client such as filezilla to edit or upload files if you have the privilege to do.
No comments:
Post a Comment