Member-only story
Learn how to build a simple Python script that can be used to brute force a FTP user. This tutorial covers the implementation steps needed to build the script using Python Programming. In case you’re new to Python and need a formal introduction to the language, I have made a full Python course on Youtube: https://youtu.be/L3v5tu_ang4
The content of this article is also available in video format on the Vinsloev Academy YouTube page: https://youtu.be/0tZhMZn78Yw
Learn the skills needed to get a career within Cybersecurity. Vinsloev Academy provide educational content from around the web: https://vinsloev.com
Book — Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers: https://amzn.to/3RWAjyY
Before we get started with the code, we need to import the ftplib Python library. With the right import in place we can create the two needed methods for this script to work.
Brute Force
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The first method we will create is the bruteForceLogin which will take two input parameters, namly hostname of the FTP we would like to attack and passwordFile which contains a list of Passwords and Usernames that we will use against the FTP. The method will loop over each line of the file and divide it into a password/username variable by splitting on “:”. Next a Try/Catch block is created to open the actual connection towards the FTP. If our script succeeds on login it will print “FTP login succeded” along with the username and password that was used. Next off it will quit the connection but in case the username or password is not valid the except block will just pass in the loop will start the next iteration.
def bruteForceLogin(hostname, passwordFile):
passList = open(passwordFile, 'r')
for line in passList.readlines():
userName = line.split(':')[0]
passWord = line.split(':')[1].strip('\r').strip('\n')
print("[+] Trying: " + str(userName) + "/" + str(passWord))
try:
ftp = ftplib.FTP(hostname)
ftp.login(userName, passWord)
print("FTP Login succeded: " + str(userName) + "/"…
