Hack Like a Pro: Python Scripting for the Aspiring Hacker, Part 3 (Building an FTP Password Cracker)

Welcome back, my novice hackers!

This is the third installment of my Python scripting series. If you haven't read the previous two articles, take some time now to go back and read Part 1 and Part 2 before you proceed here.

As I mentioned in previous tutorials, Python is probably the most widely used scripting language for hackers. This is primarily because it has some built-in modules and libraries that make many of the tasks we need to do as hackers much simpler and faster.

In this guide, I want to fill in some more of the basic information about Python and then build a password cracker for an FTP server using some of the things we have learned in these three modules.

Dictionaries

In Python, dictionaries act like associative arrays in other languages. We use them when we want to store a collection of items (elements) and give each one a label. Examples include mapping user IDs to names or associating known vulnerabilities with a specific host.

Dictionaries hold unordered pairs, a key and a value, where the keys must be unique. Like the lists I addressed in the previous tutorial, dictionaries are iterable. This means that we can go through them with a control structure such as a for statement, assigning each element of the dictionary to a variable until we come to the end of the dictionary. Among other things, you might use this kind of iteration when building a password cracker, where we try each password in a word list until one works or we reach the end of the list. Dictionaries also provide fast lookups.

To instantiate a dictionary, the syntax looks like this:

dict = {key1:value1, key2:value2, key3:value3...}

Control Statements

Like any programming or scripting language, often we need our code to make a decision. There are a number of ways in Python to control the flow of the script. For instance, we may want to set a conditional statement that if this.. then that... else do that. Let's look at some of these structures in Python.

if:

The if structure in Python is similar to the if...then in BASH. The syntax looks like this:

The control block in Python must be indented.

if ...else:

The if...else structure in Python is similar to the if...then ...else in BASH scripting. The syntax looks like this:

For example, here we have a code snippet that checks the value of a user ID: if it is 0, we print the message "You are root." Otherwise, for any other value, we print the message "You are not root."

Loops:

Loops are another useful structure in Python. The two most widely used are while and for.

while:

The while statement evaluates a Boolean expression (one that evaluates to true or false) and continues executing its block as long as the expression evaluates to true. For example, we could write a code snippet that prints each number from 1 through 10 and then exits the loop.

for:

The for loop takes values one at a time from a list, string, or other iterable structure such as a dictionary, and assigns each to the loop's index variable on every pass through the loop. For example, we can use a for loop to attempt each password in turn, as in our script below.

Creating an FTP Password Cracker

Now that we have three lessons in Python under our belt, let's create a simple FTP password cracker in Python. Open a text editor in Kali (I'm using Leafpad) and enter the script below.

Note that we import the socket, re, and sys modules (Lines 3-7), then create a socket that attempts to connect to the specified IP address on port 21 (Lines 11-15), then create a variable username which is assigned "NullByte" (Line 33), then create a list called "passwords" holding the candidate passwords (Line 35), and finally write a for loop that tries each password until the server answers with reply code 230 or the password list is exhausted.

Of course, you can change the values in this script to any that you want and are appropriate to your circumstances. In future tutorials, we will modify this password cracker to give it even greater usability and versatility.

Save it as "ftpcracker.py" and give yourself execute permissions, then run the script against an FTP server.

kali > chmod 755 ftpcracker.py

kali > ./ftpcracker.py

If it finds the password, it will print the message "Password found: <password>" (Line 43).
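As an added example (not the tutorial's own script), here are the same three building blocks, a dictionary, if/else, and a for loop, used from the server's side: it scans a constructed log of FTP reply codes and flags clients showing the run of 530 replies (and the eventual 230) that a password list attack like the one above leaves behind. The log line format, the sample addresses and the function names are all assumptions made for this example.

```python
import re

# Constructed sample log (made up for this example): one FTP server reply per
# line as "client_ip code text". 530 = login incorrect, 230 = logged in.
SAMPLE_REPLIES = """\
10.0.0.5 331 Please specify the password.
10.0.0.5 530 Login incorrect.
10.0.0.5 530 Login incorrect.
10.0.0.5 530 Login incorrect.
10.0.0.5 530 Login incorrect.
10.0.0.5 230 Login successful.
10.0.0.9 331 Please specify the password.
10.0.0.9 230 Login successful.
10.0.0.7 530 Login incorrect.
10.0.0.7 530 Login incorrect.
"""

# Pulls the client address and the three-digit reply code out of a log line.
REPLY_RE = re.compile(r'^(\S+)\s+(\d{3})\s')


def summarize_logins(log_text):
    """Return {client_ip: {"failed": n, "success_after_failures": bool}}.
    The outer dictionary is keyed by client address (keys are unique) and
    each value is itself a small dictionary, as described above."""
    stats = {}
    for line in log_text.splitlines():
        match = REPLY_RE.match(line)
        if not match:
            continue                       # not a reply line, skip it
        client, code = match.group(1), match.group(2)
        entry = stats.setdefault(client, {"failed": 0,
                                          "success_after_failures": False})
        if code == "530":                  # wrong username or password
            entry["failed"] += 1
        elif code == "230" and entry["failed"] > 0:
            entry["success_after_failures"] = True   # guessed it eventually
    return stats


def flag_bruteforce(stats, threshold=3):
    """List clients whose failures reach the threshold, or that logged in
    only after failing: the trace a password list attack leaves on the server."""
    flagged = []
    for client, entry in stats.items():
        if entry["failed"] >= threshold or entry["success_after_failures"]:
            flagged.append(client)
    return sorted(flagged)
```

To use it on a real server, replace SAMPLE_REPLIES with the log contents, adjusting REPLY_RE to that server's line format.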

Keep coming back, my novice hackers, as we continue to expand our scripting skills to the level of a pro hacker!

43 Comments

Wonderful

Thanks for the awesome tutorial. I didn't only learn how to script with the language but also how the ftp receives its login. Never thought of that. Thanks once again Master

#Sky

Hey, I'm very new to all of this, and I was wondering what version of python should I download?

Thanks for the tutorial. They are always amazing and informative!

OTW:

I kind of have a problem with my login.

So I used FileZilla along with Wireshark to check how the credentials were sent, to check if you made an error in the username and password settings in your script (no offense), but found everything intact. My user is 'daemon' as you can see in FileZilla and pass 'skylecore' ... But I still get failed logins ... The text editor to the right is the source of my ftp.py program, and to ensure that my logins were correct I reset all my passwords and still had the same issue. FileZilla seems to log in but the script fails ... Any help is greatly appreciated

#Sky

In your script, delete the space between "%s" and "\r\n" when sending your username and password. That space is being sent as part of the username and password, which is why it's not working.

Hahahhahahhaha, Whitespaces !!!!

It worked successfully Mr. Bryan ...
Thanx ... Really Appreciate

#Sky

You're not the only one who's had an annoying problem like that. ;)

Cracker:

That moment when your code is not working and you notice days later it was a missing bit of syntax ..... The madness that drives you into smashing your screen. It happens to all of us.

Awesome! Could you make a post on Python socket functions specifically?

Thanks sir :)

OTW and Sky Venom - thanks for all the input. I added a feature to import .txt files and build your password dictionary as opposed to typing it in. I used the 'rockyou.txt' password list found in /usr/share/wordlists

Here is my code! Looking forward to the next tutorial.

Bret:

Nice !!! .... I also modified mine to do some extra work and passwords in text files.
Keep the spirit up !!!

#Sky

OTW, I love your tutorials, and I'm really interested in scripting. However, when I tried to run your Python script above I got the following error

print("* Trying "+ username + ":" + password)
^
SyntaxError: invalid syntax
I can't figure out what the error is.
Any help would be appreciated

Turkey:

Can you send a screenshot of your script? Otherwise, I'm just guessing.

OTW

the Upload new image under add an image is blank

Brawl:

Switch to Chrome if you're using Mozilla; Mozilla blocks outdated and vulnerable plugins like Adobe (Shockwave Flash Player).

#Sky

Maybe it's a stupid question, but I would like to know why, if 230 comes back, it means the password is correct?
Sorry for my bad English, but I'm not a native speaker

S1M046:

Welcome to Null Byte!

HTTP has a number of response codes to communicate back to the client as to its status. You have probably seen the 404 code indicating that the requested page was not found. For FTP, the code for successfully "logged in" is 230.

OTW

Ok, I understood, thank you

S1M046:

As OTW mentioned earlier, 230 is for a successful login and 530 is for a wrong login.

#Sky

Yes, I know, because after he told me what it means I searched for FTP codes with Google and found them on Wikipedia, where there are a lot of codes and it also explains how they are formed, for example what the first and second digits of a code mean. Thank you all

Ok, didn't notice.

#Sky

Hey,

I've written a Python script which generates all passwords for a router, and I've left it on to write to a text file to create a wordlist, and after >10 minutes it's already 11 GB, so I'm guessing it's gonna be huge. I was wondering whether it was possible to run the Python script in aircrack as a wordlist so it would try every password generated. Thanks

Robyn

Why not just use the list generated by your script as a wordlist in aircrack-ng? It would work much faster that way. Running both scripts simultaneously would slow the process down more than necessary.

Because after running it for a few minutes the wordlist is 12 GB and that has probably only gotten up to "AAAEBEA" or something. That is way too big, and it is only like 1500000000 combinations of the 3e+23 (provided my calculations are correct). It isn't random at all. Here is the code if it helps:

import itertools

# Writes every 8-letter uppercase combination, one per line
txt = open("skyrouterwl.txt", "w")
res = itertools.product('ABCDEFGHIJKLMNOPQRSTUVWXYZ', repeat=8)
for i in res:
    password = ''.join(i)
    txt.write(password + '\n')
txt.close()  # must be called with (); a bare txt.close does nothing

Therobynhode:

A few points. First, your script only includes alphabetic characters. It will not work if the password has numbers or special characters. Second, there is already a tool to do what you are doing with this script, called "crunch". Third, I still don't see any benefit to using this script with aircrack-ng, and it will only slow the process down. Fourth, generating random password lists should only be used as a last resort.

  1. This is not a problem, as the router passwords this is targeted for only use letters
  2. How do I use it with aircrack-ng, and will it work faster?
  3. Because generating a wordlist which is potentially more than a few terabytes is ridiculous
  4. It's not a last resort; it will generate all passwords for a router provided by a service. I understand it will slow things down, but it is better than filling 3 expensive hard drives

Thanks
Robyn

Python is a great language. It, like other languages, has packages that integrate quite nicely with many tools (e.g. nmap). It also has the capacity to use pre-built modules (e.g. Scapy) to capture and manipulate packets, as well as a world of other options. It is, in my opinion, a great scripting language to start learning. For those interested, a good book to begin learning some of these aspects is Violent Python by T.J. O'Connor. It requires some familiarity with the basics of Python, but I think it will certainly set you in the right direction, filled with new ideas.

Hey - it took me a while, and I realize there is probably a shorter/more efficient way to write this program, but I wrote the same FTP cracker in Ruby.

The code is a little long so I included the link to my Github account.

https://github.com/bad6e/Hacking-Tools/blob/master/FTPcracker.rb

The image below is the part of the program I wrote from scratch. To get this to work I had to initially require 'net/ftp', but I soon realized that because of the way 'net/ftp' was written I couldn't get the program to work. So I had to import the 'net/ftp' code and modify it. Hence why the program is so long....

Directions:

  1. Username Name = Local Username
  2. Host = 'localhost' or IP Address
  3. Port = 21
  4. Password file = any .txt file with a single word on each line

Enjoy!

Hi,

I made some small additions to the original script. This version will take a text file for both username and password, then using a list comprehension it will try every password for each username in turn.

Is Gray Hat / Black Hat Python a good book to learn about malicious Python coding?

Just wondering, when we do s.send('USER ' + username + '\r\n') and s.send('PASS ' + password + '\r\n'), are these just used here as simple examples of sending input, or is this format, i.e. 'USER username', a common/default format expected by FTP servers?

Does anybody know how to build an SMTP password cracker with Python?

Here is a sample transaction and explanation of authenticated SMTP.

You can adapt this script to work with that protocol, it's not much different.

Why did he stop posting on this?

I'll get back to it, but in the meantime check out Defalt's excellent "How to Train your Python" series

I know it's a stupid question, but what are we trying to find the password for? I mean, we are connecting to a socket; how exactly can I put a username and a password into it?

We're passing information through the connection. The code opens up the connection then begins guessing username/password combos.

I'm not sure if people are still going through these comments, but I am constantly getting this response whenever I run the script that was provided in the lesson:

socket.error: Errno 110 Connection timed out

Anybody have any ideas?

Can you connect to the FTP server without the script?