brute force with bounce attack ?!

    • #5380
      rebrov
      Participant

      I want to know how to brute force or crack telnet passwords, or whatever, FTP even, with a bounce proxy attack... whether it's a LAN attack or a WAN connection attack.

      And if it's a LAN attack with a bounce proxy… will it appear like it's coming from the WAN?

    • #33990
      Xen
      Participant

      Can you explain it more clearly? I’m not able to understand what you really mean.

    • #33991
      yatz
      Participant

      Two things-

      In a “bounce attack,” you need to have access to an FTP site first.  Basically you connect into an FTP server and then use that server to execute your brute force attack.  A flaw in the FTP design allows arbitrary communication from one connection so you cannot be detected without the FTP server being traced first.

      Secondly, this theoretically is the same as using netcat relays.  Just set up a relay and then execute your brute force attack at the relay.

      Does this make sense?

    • #33992
      yatz
      Participant

      Also, here is the metasploit module that lets you scan using ftp bounce

      http://www.metasploit.com/modules/auxiliary/scanner/portscan/ftpbounce

      Seems pretty simple.  There also seems to be an nmap option for this as well.

    • #33993
      rebrov
      Participant

      @yatz wrote:

      Two things-

      In a “bounce attack,” you need to have access to an FTP site first.  Basically you connect into an FTP server and then use that server to execute your brute force attack.  A flaw in the FTP design allows arbitrary communication from one connection so you cannot be detected without the FTP server being traced first.

      Secondly, this theoretically is the same as using netcat relays.  Just set up a relay and then execute your brute force attack at the relay.

      Does this make sense?

      Yes, makes sense... however 🙂

      With netcat relays you need to penetrate a PC first and set up a netcat relay on this machine, right?

      What I mean is not to scan like those Nmap options with FTP bounce (I know this one), and not that option in Metasploit, but I mean that option in hydra… hydra can crack telnet and FTP and SMTP via FTP bounce, right?

      But I can’t find open FTP servers to do that, and if I found a secure one, the tracing will still be easy because it's just one server, not like chains of proxies, and that's what I meant.

      1st – Where can I find an open FTP server to try this?
      2nd – Is there a way of cracking via chains of proxies?

    • #33994
      dynamik
      Participant

      I’m not sure where you’re looking for these FTP servers to test this with, but you should just set this up in your own test lab. I don’t know of any FTP servers/versions off the top of my head, but you should be able to find some with a little Googling. Keep in mind that this is a pretty old attack, so it’s going to (should) be remedied in current FTP servers. Finding this has been very rare in my personal experience.
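
The kind of check that remedies the bounce, as an added example that is not part of any post in this thread and is not code from any FTP server: validate each PORT command against the control connection's client address and refuse privileged ports. The function names, verdict strings and sample commands are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: (control-connection client IP, FTP command line) pairs.
SAMPLE_COMMANDS = [
    ("198.51.100.7", "PORT 198,51,100,7,195,80"),  # own address, port 50000
    ("198.51.100.7", "PORT 192,0,2,25,0,23"),      # third-party address, port 23
    ("198.51.100.7", "PORT 198,51,100,7,0,21"),    # own address, port 21
    ("198.51.100.7", "PORT 198,51,100,7,300,1"),   # field larger than 255
    ("198.51.100.7", "RETR report.txt"),           # not a PORT command
]

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})$", re.IGNORECASE)

def parse_port(line):
    """Return (ip, port) for a PORT command, None for other commands."""
    line = line.strip()
    m = PORT_RE.match(line)
    if not m:
        if line.upper().startswith("PORT"):
            raise ValueError("malformed PORT argument")
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def check_port(client_ip, line):
    """Classify one command: 'ok', 'not-port', or a rejection reason."""
    try:
        parsed = parse_port(line)
    except ValueError:
        return "reject: malformed"
    if parsed is None:
        return "not-port"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        return "reject: third-party address"  # data connection would go elsewhere
    if port < 1024:
        return "reject: privileged port"      # well-known service ports
    return "ok"

def audit(commands):
    return [check_port(ip, line) for ip, line in commands]

if __name__ == "__main__":
    for (ip, line), verdict in zip(SAMPLE_COMMANDS, audit(SAMPLE_COMMANDS)):
        print(f"{ip:15} {line:30} {verdict}")
```

The same function can be run over recorded control-channel commands to see whether a server has been accepting PORT arguments it should have refused.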

    • #33995
      ziggy_567
      Participant

      Most FTP servers should have remedied this, but you can often accomplish this method with network printers…

    • #33996
      rebrov
      Participant

      I know it's an old attack, but it's stealthy… then do you have a backup attack 🙂

      The problem is I don't know how to use chained proxies instead of FTP to brute force or dictionary attack a specified telnet so the cracking method won't show as from my IP.


Copyright ©2022 Caendra, Inc.
