Cracking FTP with hydra

Hydra is a fast login cracker that supports many protocols. It is a command-line tool, but a GUI is available. FTP (File Transfer Protocol) is used to access files remotely. The cracking speed is low, but with a weak password and a good wordlist the password can be cracked. Most attackers will try to crack a password only if there is no other way in (e.g. using an exploit or social engineering).

This is the list of protocols that Hydra supports, as listed on the official website:
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP Enum, SNMP, SOCKS5, SSH (v1 and v2), Subversion, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.



Basic options:
-l [name] username
-L [wordlist] username wordlist
-p [password] password
-P [wordlist] password wordlist

You can read Hydra’s documentation with the following command:

man hydra


For this example I have created two virtual machines, one running Kali Linux (attacker) and the other Windows XP (victim), connected to a bridged network. I have FileZilla Server running on the Windows XP device with a weak 4-character user password.
After running a simple Nmap scan from the attacker, we can see that the victim has port 21 (FTP) open.

Now we can start our attempt to crack the password by running the following command:

hydra -l user02 -P pass.txt

The ‘pass.txt’ file is a very small wordlist; in a real-world situation a bigger wordlist would be used.

As you can see above, the password was quickly cracked in this case. In a real-world scenario it could take a lot more time, or the attack could fail.
Now we can connect via FTP and download the secret file.

Let's take a look at the secret file.

How to protect your FTP server

To defend your FTP server you need to block all the possible attack vectors an attacker can use. This is a list of ways to increase your security, but remember that if someone really wants to get into your server, he will find a way.

  • Keep the FTP server and the host OS updated
  • Use long, hard-to-guess passwords
  • Add a login attempt limit
  • If possible, set up a whitelist
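
To make the login attempt limit concrete, here is an added example (not part of the original post) that applies a sliding-window limit to FTP login results and also reports accounts that were logged into after a burst of failures. The log format, the sample lines and the thresholds are constructed for illustration and are not FileZilla Server's actual log format; the only real values are the FTP reply codes 530 (login failed) and 230 (logged in).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (simplified format, NOT FileZilla Server's real one):
# date, time, client IP, username, FTP reply code (530 = failed, 230 = logged in)
SAMPLE_LOG = """\
2024-05-01 10:00:00 192.0.2.10 user02 530
2024-05-01 10:00:01 192.0.2.10 user02 530
2024-05-01 10:00:02 192.0.2.10 user02 530
2024-05-01 10:00:03 192.0.2.10 user02 530
2024-05-01 10:00:04 192.0.2.10 user02 530
2024-05-01 10:00:05 192.0.2.10 user02 230
2024-05-01 10:03:00 198.51.100.7 alice 530
2024-05-01 10:20:00 198.51.100.7 alice 230
"""

def analyze(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Return (ips_to_block, compromised) from FTP login results.

    ips_to_block: IPs with >= max_failures failed logins inside `window`.
    compromised:  (ip, user) pairs where a flagged IP later logged in,
                  meaning the guessing succeeded and the password must change.
    """
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    blocked, compromised = set(), set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                 # skip malformed lines
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        ip, user, code = parts[2], parts[3], parts[4]
        if code == "530":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures outside the window
                q.popleft()
            if len(q) >= max_failures:
                blocked.add(ip)
        elif code == "230" and ip in blocked:
            compromised.add((ip, user))
    return blocked, compromised

if __name__ == "__main__":
    blocked, compromised = analyze(SAMPLE_LOG)
    print("block:", sorted(blocked))
    print("change password for:", sorted(compromised))
```

A single mistyped password followed by a successful login, like the second client in the sample, stays below the threshold and is not flagged.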

After blocking most attack vectors, the attacker can still use a zero-day exploit or attack the most vulnerable part of the system: the human being, using social engineering.
