FTP Brute Force ( Faster )

  • FTP Brute Force ( Faster )

    Hi to all
    I am from Iran. My idea is an FTP brute forcer that is faster than all. I am programming it with VB6, and I think: if the FTP server was a locker (I mean the FTP has a security system when we test longer passwords with one ID), what can I do?
    Can I program a program that can analyze the (remote) FTP server and tell me if the FTP server was a locker??
    My FTP server can hide in a computer without any task and process!!!!!

    I wait for your answer. Thanks
    Www.Alphast.coM
    Www.Sirus-v.Blogfa.coM
    ---------------------------------------------
    My ID in Yahoo : Alpha_Programmer
    ---------------------------------------------

  • #2
    That makes very little sense. I'm guessing you want to identify what kind of FTP server the remote host is running. If this is the case, there is an optional banner advertising the FTP when you establish the session.

    See more information here.


    • #3
      Wow, I think you're the first person we've had here from Iran. Glad to see the government there lets you guys see 'dangerous' web sites run by infidels.

      Luckily with FTP, the data is being transmitted in plain text, so capturing the packets should be easy. I think it may be a language thing, but I am not entirely sure what you are asking for help with.

      I return whatever i wish . Its called FREEDOWM OF RANDOMNESS IN A HECK . CLUSTERED DEFEATED CORn FORUM . Welcome to me


      • #4
        Thanks

        Oh my god!!! We (Iranians) are nobody in the underground hackers' world?
        Thanks for the answer. I will report my brute forcer next time.
        Www.Alphast.coM
        Www.Sirus-v.Blogfa.coM
        ---------------------------------------------
        My ID in Yahoo : Alpha_Programmer
        ---------------------------------------------


        • #5
          Well, I think nmap is your answer. It detects the type of service.
          If you want to program it, you should do what nmap did (fingerprinting).


          • #6
            Thanks, but...

            Thanks, but I want my program to do the detection. Well, this programming is very, very hard and it must take a long time to program. I haven't this time. Thank you. I think for a short way!
            Www.Alphast.coM
            Www.Sirus-v.Blogfa.coM
            ---------------------------------------------
            My ID in Yahoo : Alpha_Programmer
            ---------------------------------------------


            • #7
              Yeah, it's time-consuming to do it.
              Well, maybe you'd better just run nmap (shell nmap ....) and just look at the results.
              You only have to do some string processing then.

              regards


              • #8
                It's rather funny, not one person knows what the others are talking about and the whole topic is dev/null material. =)
                - Programmer -


                • #9
                  Originally posted by d3ad1ysp0rk
                  It's rather funny, not one person knows what the others are talking about and the whole topic is dev/null material. =)
                  Perhaps it is destined for dev/null, but I have seen less useful content not moved there.

                  I see two ways to look at this post, and both may be questions proposed.

                  Originally posted by DecryptionAttemptOne
                  Hello, I am From Iran and have an idea: I want to make a program that searches the Internet for a special FTP Server installed on remote network machines. (trojan used to store files (for me? others?) without the owner of the machine knowing it.) Can I do this?
                  My FTP Server Trojan Service can run on a remote machine without showing up as a process.
                  Yes. A brute force of Internet IP addresses is possible, and there are programs to help you with this, which are fast and allow you to specify what information you want to gather about remote services. (No. I won't write what they are..)

                  IP Addresses (ignoring lost addresses and reserved, and multicast and unused addresses)
                  220*2^24=3690987520 IP addresses to check for services. (This is not accurate, but close enough for government work.) It would take some time though, even with parallelization on a single machine and across multiple computers.

                  Originally posted by DecryptionAttemptTwo
                  Hello. I am from Iran. I have an idea. I would like to make a program to guess authentication credentials on remote FTP servers and make this process faster than all others. My idea is to hit the same username with multiple (dictionary?/brute force?) passwords which are longer than others. Is this possible?
                  Depends. If you can find a service that accepts a username and allows multiple password tries with that username, you may be able to gain a little bit of speed gain for each try.

                  If you are using a brute force attack, consider the number of passwords required as you add length to the password size.

                  Assuming a simple ASCII character set, and limiting the number of characters to printable characters in the lower 128 chars (not "extended" ASCII) we have:
                  A-Z,a-z,0-9,~!@#$%^&*()_+`-={}:"<>?[];',./\| as characters.
                  26*2 letters + 10 digits + 32 symbols = 94 characters.
                  Number of permutations (not combinations since order does matter) would be P(94,1) for 1 character passwords or 94 passwords.


                  Using my buddy "bc":
                  Code:
                  $ bc
                  bc 1.06
                  Copyright 1991-1994, 1997, 1998, 2000 Free Software Foundation, Inc.
                  This is free software with ABSOLUTELY NO WARRANTY.
                  For details type `warranty'.
                  define fact (x) {
                    if (x <= 1) return (1);
                    return (fact(x-1) * x);
                  }

                  define perm (x,y) {
                    return ((fact(x)) / fact(x - y));
                  }
                  
                  perm(94,1)
                  94
                  perm(94,2)
                  8742
                  perm(94,3)
                  804264
                  perm(94,4)
                  73188024
                  perm(94,5)
                  6586922160
                  perm(94,6)
                  586236072240
                  perm(94,7)
                  51588774357120
                  perm(94,8)
                  4488223369069440
                  
                  perm(94,16)
                  9602076631136562232830922752000
                  Consider this: You decide to try testing longer passwords. A 16 character password with 94 characters in the set would include a total of 9602076631136562232830922752000 different passwords per user. Of course, on average, you might find it half way through a search, and then after adding ordered weighting to letters, then numbers, and including symbolic checks later could allow for hits even sooner, but the point is...
                  9602076631136562232830922752000 is a large number of passwords to test if you are brute forcing!
                  But it does not end there...
                  9602076631136562232830922752000 assumes that the password is *exactly* 16 characters long. This does not include passwords that are 1, 2, 3, 4... ... 15 characters in length. I *think* we can perform a mathematical shortcut here, and just increase the charset size by one to find the summation of all permutations for all passwords of length from zero to 16:

                  Code:
                  perm(95,16)
                  11546801012126245723024527360000
                  11546801012126245723024527360000 ! (<- exclamation not factorial) Wow!
                  Ignoring advantages in intelligent selection of passwords, you can halve this number for an average search for finding passwords,
                  5773400506063122861512263680000
                  Let's assume that you can check one password every millisecond (much faster than what you would get in reality over the Internet when you think about it) and also assume you have 1000 computers working in parallel with 1000 processes each:
                  5773400506063122861512263680000/(1000 * 1000 * 1000)
                  5773400506063122861512.2636800000 seconds
                  Assuming 365.2425 days per year (accounting for leap years)
                  365.2425*24*60*60 = 31556952 seconds per year (on average)
                  5773400506063122861512.2636800000 seconds / (365.2425*24*60*60 = 31556952) seconds per year (on average) =

                  about 182951778931727 years.

                  My math is rusty in probability. Feel free to tell me I suck for any mistakes. :-)
                  TheCotMan
                  *****Retired *****
                  Last edited by TheCotMan; January 9, 2005, 16:52. Reason: fixed eqn.
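
Added example (not part of the post above or of any poster's code): the search-space arithmetic from post #9, extended in two ways. Characters are allowed to repeat (94^n candidates per length, which the post's perm() model leaves out), and the guess rate can be capped by an account-lockout policy, the "locker" behaviour the first post asks about. The function names and the 5-failures-per-15-minutes policy are assumptions chosen for illustration.

```python
from math import perm

CHARSET = 94                    # printable ASCII symbols counted in the post
POST_RATE = 1000 * 1000 * 1000  # post's assumption: 1000 hosts x 1000 processes x 1 guess/ms
SECONDS_PER_YEAR = 31556952     # 365.2425 days, as in the post


def no_repeat_space(length, charset=CHARSET):
    """Post's model: ordered picks with no character used twice."""
    return perm(charset, length)


def repeat_space(length, charset=CHARSET):
    """Passwords may reuse characters, so each position has `charset` choices."""
    return charset ** length


def up_to(length, count_fn):
    """Total candidates for every length from 1 to `length` inclusive."""
    return sum(count_fn(k) for k in range(1, length + 1))


def average_years(space, guesses_per_sec):
    """Expected search time when, on average, half the space is tried."""
    return space / 2 / guesses_per_sec / SECONDS_PER_YEAR


def lockout_rate(max_failures, window_seconds):
    """Per-account guess rate when the server locks after `max_failures`
    failed logins per `window_seconds` (hypothetical policy values)."""
    return max_failures / window_seconds


def min_length(target_years, guesses_per_sec):
    """Smallest maximum length whose average search time reaches the target."""
    length = 1
    while average_years(up_to(length, repeat_space), guesses_per_sec) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    for n in (4, 8, 12, 16):
        total = up_to(n, repeat_space)
        print(n, total, f"{average_years(total, POST_RATE):.3g} years at the post's rate")
    # Constructed policy: 5 failed logins per 15 minutes per account.
    print(min_length(100, POST_RATE), min_length(100, lockout_rate(5, 900)))
```

These figures describe exhaustive search over uniformly random passwords only; a dictionary word sits near the front of any ordered guess list, so lockout limits the attempt rate but does not make a weak password strong.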


                  • #10
                    Originally posted by TheCotMan
                    My math is rusty in probability. Feel free to tell me I suck for any mistakes. :-)

                    Hehe, oh come on CotMan, you are Actuary material all the way. ;)

                    LosT


                    • #11
                      Originally posted by LosT
                      Hehe, oh come on CotMan, you are Actuary material all the way. ;)
                      Hah! I should buy some beans so I can go count them. :-)

                      Drive Thru: "Welcome to Taco Hell. May I take your order?"
                      Cot: "Yeah.... there are these flattened pieces of dough which are often cooked briefly on both sides, sometimes made with flour or corn [long detail description of bean burrito.] I'll take one of those."
                      Drive Thru: "Zzzzzzzz. Huh? Ok. One bean and cheese burrito. Anything else?"
                      Cot: "Yes. How many beans in that? I really must know...."


                      • #12
                        Originally posted by TheCotMan
                        Hah! I should buy some beans so I can go count them. :-)

                        Drive Thru: "Welcome to Taco Hell. May I take your order?"
                        Cot: "Yeah.... there are these flattened pieces of dough which are often cooked briefly on both sides, sometimes made with flour or corn [long detail description of bean burrito.] I'll take one of those."
                        Drive Thru: "Zzzzzzzz. Huh? Ok. One bean and cheese burrito. Anything else?"
                        Cot: "Yes. How many beans in that? I really must know...."
                        I was under the impression that Taco Bell did not have real beans or, for that matter, anything identifiable as edible. Seriously, I would not eat at Sub Way either; my friend is a manager there and they only order tier 3 meat, the lowest grade legally allowed.
                        Did Everquest teach you that?


                        • #13
                          Yeah...I don't know about Taco Bell. How great can the quality be if half a pound of meat is 99 cents?
                          Answering easy questions since 1987
                          Si Dieu est pour moi, qui peut être contre moi?


                          • #14
                            Originally posted by Second
                            Yeah...I don't know about Taco Bell. How great can the quality be if half a pound of meat is 99 cents?
                            Since 50% is corporate profit, that means it costs them 49 cents for the parts and labor. Imagine the worker gets 10 cents for assembling one at $6/hr and taking only one minute. Then the employee benefits and employer costs are 5 cents. Rent on the building and other expenses are probably 10 cents, thus the actual value of the entire product is 24 cents.

                            I think they more than make up for it on their $1.49 sodas.


                            • #15
                              Originally posted by TheCotMan
                              Hah! I should buy some beans so I can go count them. :-)

                              Drive Thru: "Welcome to Taco Hell. May I take your order?"
                              Cot: "Yeah.... there are these flattened pieces of dough which are often cooked briefly on both sides, sometimes made with flour or corn [long detail description of bean burrito.] I'll take one of those."
                              Drive Thru: "Zzzzzzzz. Huh? Ok. One bean and cheese burrito. Anything else?"
                              Cot: "Yes. How many beans in that? I really must know...."
                              Somehow.. I REALLY do not think he is joking...
                              Happiness is a belt-fed weapon.
