<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<META NAME="Generator" CONTENT="Microsoft Word 97">
<TITLE>Ftpcrack</TITLE>
</HEAD>
<BODY BGCOLOR="#ffffff" LINK="#0000ff">

<B><P ALIGN="CENTER">Ftpcrack.pl</P>
</B><P ALIGN="CENTER">&nbsp;</P>
<P>This is a good one! Ftpcrack.pl will connect to an ftp site and then test the Administrator account with a list of passwords that are read from a text file (cracknt.txt). To be more precise ftpcrack.pl will run the ftp client software using the –n opti
on (suppress auto login) and the –s option. The –s option tells the ftp client to run the commands stored in a text file. In this case the command is:</P>
<P>&nbsp;</P>
<B><P>user administrator</B> *<B>password</P>
</B><P>&nbsp;</P>
<P>The line in the perl script, actually the <B>only</B> line in the script, that does this is :</P>
<P>&nbsp;</P>
<B><P>system (‘ftp –n –s:cracknt.txt 127.0.0.1 > cracked.txt’);</P>
</B><P>&nbsp;</P>
<P>(Copy this line to notepad and save as ftpcrack.pl)</P>
<P>Note the " > cracked.txt" at the end. This redirects the output to a text file cracked.txt. You then open up cracked.txt to see if you have cracked the admin password. This relies on two things:</P>
<P>&nbsp;</P>
<OL>

<LI>The Administrator has a weak password. One that is listed in the cracknt.txt file.</LI>
<LI>The ftp service isn’t configured to allow only anonymous connections.</LI></OL>

<P>&nbsp;</P>
<P>The beauty of this one is it can be run remotely : Lets say you have cracked an NT Internet Information Server and have admin rights on it. You can copy this script to that server, using Explorer and put it in the following directory : c:\inetpub\scrip
ts or equivalent. It has to go in a www directory that has the ‘execute’ permission enabled. You could also try c:\inetpub\ASPSamp\AdvWorks or if they have it c:\inetpub\cgi-bin. Once you have copied it there you can run it via your web browser. This mean
s you are using up their bandwidth and <B>not running up your phone-bill! </B>To run it remotely enter the following URL in your browser :</P>
<P>&nbsp;</P>
<FONT SIZE=2><P></FONT><A HREF="http://www.company.com/scripts/ftpcrack.pl">http://www.company.com/scripts/ftpcrack.pl</A></P>
<P>&nbsp;</P>
<P>After you run it make sure you edit the log file to hide the fact that you were the one who run it. If you don’t do this at least go through a couple of proxy servers. (To find out how to do this read my IP FYI)</P>
<P>&nbsp;</P>
<P>Before you upload ftpcrack.pl to the server though edit the IP address in the following line changing it to the IP address of the machine you want to crack.</P>
<P>&nbsp;</P>
<P>system (‘ftp –n –s:cracknt.txt 127.0.0.1 > cracked.txt’);</P>
<P>&nbsp;</P>
<P>You’ll also need to upload cracknt.txt and put it in the same directory.</P>
<P>Once all that passwords in cracknt.txt have been tested connect to the site using Windows Explorer and open up cracked.txt. Note – You won’t be able to get to this file using the web because the /scripts directory should deny the ‘read’ permission. Onc
e you have cracked.txt, using notepad do a search on "logged" because if you get the password you’ll get a message "user administrator logged in."</P>
<P>&nbsp;</P>
<B><P>Note – This will fill up the target machine’s System event log with messages about bad user names or passwords. Also the ftp logfile will show this activity if ftp logging is enabled. If you are running it remotely though the remote machine’s IP add
ress will be logged and not yours.<HR>2nd Note - because the target server will time out the connection after 900 seconds if no valid login has occurred you may have to break the password file up into chunks and run it in batches.</P>
<P>&nbsp;</P>
<P>For a zipped version of cracknt.txt <A HREF="cracknt.zip">click here.</a></P></B>
</BODY>
</HTML>