Cracking FTP with hydra
![](https://anarxus.com/wp-content/uploads/2020/08/xhydra.png)
Hydra is a fast login cracker that supports a lot of protocols. It is a command line tool, but a GUI is available. The FTP (File Transfer protocol) is used to remotely access files. The cracking speed is low but with a weak password and a good wordlist it is possible to be cracked. Most attackers will try to crack a password only if there is no other way in(e.g using an exploit or social engineering).
This is a list of supported protocol that hydra supports as listed in the official website :
Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTP S-GET, HTTPS-HEAD, HTTP-Proxy, ICQ, IMAP, IRC, LDAP, MS-SQL, MYSQL, NCP, NNTP, Oracle Listener, Oracle SID, Oracle, PC-Anywhere, PCNFS, POP3, POSTGRES, RDP, Rexec, Rlogin, Rsh, S7-300, SAP/R3, SIP, SMB, SMTP, SMTP Enum,SNMP, SOCKS5, SSH (v1 and v2), Subversi on, Teamspeak (TS2), Telnet, VMware-Auth, VNC and XMPP.
Syntax
hydra [OPTIONS] [PROTOCOL & IP]
Basic options:
-l [name] username
-L [wordlist] username wordlist
-p [password] password
-P [wordlist] password wordlist
You can read Hydra’s documentation with the following command.
man hydra
Example
For this example i have created two Virtual machines one running kali Linux (attacker) and the other windows XP (victim), connected to a bridged network. I have filezilla server running on the windows XP device with a weak 4 character user password.
After running a simple nmap scan from the attacker we can see that the victim has port 21 (ftp) open.
![](http://192.168.1.210/wordpress/wp-content/uploads/2020/08/final0-1.png)
Now we can start our attempt to crack the password running the following command :
hydra -l user02 -P pass.txt ftp://192.168.2.3
The ‘pass.txt’ file is a very small wordlist, in a real world situation a bigger wordlist would be used
![](http://192.168.1.210/wordpress/wp-content/uploads/2020/08/final1-1.png)
As you can see above the password was quickly cracked in this case. In a real word scenario it could take a lot more time, or the attack could fail.
Now we can connect via ftp and download the secret file.
![](http://192.168.1.210/wordpress/wp-content/uploads/2020/08/final2-1.png)
Lets take in a look in the secret file.
![](http://192.168.1.210/wordpress/wp-content/uploads/2020/08/final3.png)
How to protect your ftp server
To defend your ftp server you need to block all the possible attack vectors an attacker can use. This is a list of ways to increase your security, but remember that if someone really wants to get in your server he will find a way.
- Keep the ftp server and the host OS updated
- Use long hard to guess passwords
- Add a login attempt limit
- If possible set up a whitelist
After blocking most attack vectors the attacker can still use a zero day exploit or attack the most vulnerable place of the system. The human being, using social engineering.