Saturday, September 18, 2010

Cracking FTP Passwords Using Dictionary Attacks

What is a Dictionary Attack?

In layman's terms, a dictionary attack means using a tool that picks passwords from a wordlist and tries them one by one until one works.

How to make a wordlist?

A wordlist can consist of all possible combinations of letters, numbers and special characters. It can also contain common or default passwords. You can download wordlist generators, or search for wordlists made for brute forcing, and configure them to suit your needs.

How fruitful can the attack be?

If we try all possible combinations of letters, numbers and special characters, the chances of success are theoretically 100%. In practice it is not possible to try every combination, because it can take a lot of time. The attack depends on the time you give it, the processing power available and, of course, your luck.

Tool I will be using
  • THC Hydra

    Step 1 

    Download THC Hydra from here

    Step 2

    (a) Make a username wordlist consisting of some common usernames like this

    (b) Get a wordlist of passwords
    (c) Copy both wordlists to your hydra folder

    Step 3

    (a) Open the command prompt and change directory to your hydra folder using the cd command.

    (b) Type "hydra" without quotes and it will show you the options to use.

    (c) Now, to start the attack,

    Type "hydra -L userslist.txt -P passlist.txt ftp" and press enter

    where userslist.txt is the list of usernames, passlist.txt is the list of passwords and is the IP address of target. Now it will start cracking.

    To use a single username instead of a wordlist, replace the capital L with a small l, like this

    Type "hydra -l username -P passlist.txt ftp"

    Note: The FTP port must be open.

    Warning: I highly recommend that you use a chain of proxies to spoof your identity, because proper logs of the IP addresses of users who try to connect to the FTP server are kept on the server. Here is an example of the same.

    Countermeasures to protect yourself from this attack:

    1. Use strong passwords
    2. Enable autoban of IPs or any other option like this.
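
An autoban rule works by spotting many failed logins from one address in a short time. The following is an added example, not part of the original post, that scans FTP login log lines for that pattern and lists the addresses to ban. The vsftpd-style log layout, the thresholds, the function names and the sample data are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log layout: vsftpd-style login lines, e.g.
# Sat Sep 18 10:00:00 2010 [pid 4100] [admin] FAIL LOGIN: Client "203.0.113.7"
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"'
)
TS_FMT = "%a %b %d %H:%M:%S %Y"


def build_sample_log():
    """Constructed data: one client guessing every 2 s, one user who mistypes once."""
    start = datetime(2010, 9, 18, 10, 0, 0)
    guesses = ["admin", "root", "ftp", "admin", "root", "ftp", "admin", "test"]
    lines = [
        f'{(start + timedelta(seconds=2 * i)).strftime(TS_FMT)} [pid {4100 + i}] '
        f'[{user}] FAIL LOGIN: Client "203.0.113.7"'
        for i, user in enumerate(guesses)
    ]
    lines.append('Sat Sep 18 10:00:05 2010 [pid 4200] [alice] FAIL LOGIN: Client "198.51.100.20"')
    lines.append('Sat Sep 18 10:00:12 2010 [pid 4201] [alice] OK LOGIN: Client "198.51.100.20"')
    return "\n".join(lines)


def find_offenders(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: usernames tried} for clients with more than max_failures
    failed logins inside any sliding window; these are the ban candidates."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> every username that client failed on
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "FAIL":
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        ip = m["ip"]
        recent[ip].append(ts)
        tried[ip].add(m["user"])
        while ts - recent[ip][0] > window:  # drop failures older than the window
            recent[ip].popleft()
        if len(recent[ip]) > max_failures:
            offenders[ip] = sorted(tried[ip])
    return offenders


if __name__ == "__main__":
    for ip, users in find_offenders(build_sample_log()).items():
        print(f"ban candidate {ip}: failed logins for {users}")
```

A single mistyped password stays below the threshold, and failures spaced further apart than the window never accumulate, so the window and limit should be tuned to the server's normal login behaviour.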

    About The Author
    This is a guest post written by Aneesh M Makker. Aneesh M. Makker is an ethical hacker from Malout, a town in Punjab.
