Sniffing - Wireshark
Logon Attack - THC-Hydra

And you could always exploit the software running the FTP service.

I'm not sure I understand your other question. You would secure your FTP service on the server side....

BillV

I guess I didn't make myself that clear in the last post, its kinda of a 2 part question.

1. I know that FTP is not secure and I want to try and crack our current FTP site. I'm currently researching ways to do this. I was wanted to know how to view data and credentials as they're going on the wire. I've read that it passes data in clear text, so i wanted to try and capture this. Is this only possible internally or can this be done externally from the network.

2. Secondly, since FTP does pass everything in clear text I wanted to know a few solutions to secure FTP that wouldn't require a different experience from the users. Is this possible to do without having them download a different client or accessing in a different way.

thanks again,

matt

Why not reverse the client's source a bit. Most times there's a off-by-one or other option to exploit it.

Hydra - guess it's just not my style. You could try Medusa or John, or even CUDA API in C - and speed this up as long as you know whether the policy isn't harmed, causing logfiles. Therefore footprint that before you start anything.

Have fun,
wishi

@Dave 1: This is an ETHICAL hacker site. We don't do illegal stuff here.

Why does this host holding your FTP site?

You can hack your own stuff in your own lab with tools you own, but other than that, you would need a written permission to do a pentest. And if someone is holding your web site against you, he would probably not sign anything...

All the above methods would work fine. Most people would try brute force the account if there was no lock out using hydra or another tool. Using wireshark would work too as long you had access to the network to sniff the traffic this would be the most effect as FTP is not a secure protocol and transfer everything in plain text.

scucci,
 FTP is an inherently insecure protocol due to the fact that it uses plain-text and allows anonymous logins. There are also a lot of the FTP applications that are vulnerable to remote exploitation. An example of one vulnerable application would be wu-ftpd. I think 3xban did a great good of answering your question an I mostly just reiterating what he said. Performing an Man-in-the-middle using ARP poisoning and using something like ettercap/cain&able to grab the credentials as someone logs into them would be the simplest way. You could aslo exploit the service although this does not prove that the protocol itself is insecure just the particular application your using.

Here is a good video on Man-in-the-middle:
http://www.youtube.com/watch?v=-hd7XG-b6uk

Feel free to message me if you have any more questions.