Sniffing - Wireshark
Logon Attack - THC-Hydra

And you could always exploit the software running the FTP service.

I'm not sure I understand your other question. You would secure your FTP service on the server side....

BillV

I guess I didn't make myself that clear in the last post, its kinda of a 2 part question.

1. I know that FTP is not secure and I want to try and crack our current FTP site. I'm currently researching ways to do this. I was wanted to know how to view data and credentials as they're going on the wire. I've read that it passes data in clear text, so i wanted to try and capture this. Is this only possible internally or can this be done externally from the network.

2. Secondly, since FTP does pass everything in clear text I wanted to know a few solutions to secure FTP that wouldn't require a different experience from the users. Is this possible to do without having them download a different client or accessing in a different way.

thanks again,

matt

Why not reverse the client's source a bit. Most times there's a off-by-one or other option to exploit it.

Hydra - guess it's just not my style. You could try Medusa or John, or even CUDA API in C - and speed this up as long as you know whether the policy isn't harmed, causing logfiles. Therefore footprint that before you start anything.

Have fun,
wishi