Word list for FTP brute force

dlupisella

Newbie

Posts: 2

Joined: Sun Dec 07, 2008 4:03 pm

Post Sun Dec 07, 2008 4:08 pm

Word list for FTP brute force

I'm doing an FTP brute force on a network pen test and I wanted to find out what everyone's opinion or favorite was on a good word list to use. Thanks!

jimbob

Post Thu Dec 11, 2008 5:07 am

Re: Word list for FTP brute force

Google is your friend, there are a lot of free word lists out there.

Tip: Many testers like to feed passwords they have previously guessed/cracked/recovered into their wordlist.

Jimbob

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu Dec 11, 2008 2:16 pm

Re: Word list for FTP brute force

dlupisella wrote: I'm doing an FTP brute force on a network pen test and I wanted to find out what everyone's opinion or favorite was on a good word list to use. Thanks!

Doing a network pen test and FTP brute forcing? Isn't this method highly likely to be picked up by an IDS?
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Thu Dec 11, 2008 6:46 pm

Re: Word list for FTP brute force

KrisTeason wrote:
dlupisella wrote: I'm doing an FTP brute force on a network pen test and I wanted to find out what everyone's opinion or favorite was on a good word list to use. Thanks!

Doing a network pen test and FTP brute forcing? Isn't this method highly likely to be picked up by an IDS?


You would think so, but you can sometimes get by with it. If you see it hanging out there, it can be worth the "roll of the dice". Just make sure you do your initial attacks from a different IP than the one you are doing the main body of work for your pentest. It sucks to get blocked right at the beginning because you were trying to storm the doors of the castle a little too blatantly.
Last edited by Kev on Thu Dec 11, 2008 6:53 pm, edited 1 time in total.

dlupisella

Newbie

Posts: 2

Joined: Sun Dec 07, 2008 4:03 pm

Post Thu Dec 11, 2008 11:15 pm

Re: Word list for FTP brute force

Thank you Jimbob for the advice! My apologies for the incorrect use of words. My post was not meant to focus on the use of the words "FTP brute force" and "network pen test." I was simply trying to figure out what people recommended for the use of brute forcing FTP. That's all. ;D

apollo

Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Thu Dec 11, 2008 11:24 pm

Re: Word list for FTP brute force

A pretty good tool for doing brute forcing is THC Hydra. Your password list should probably be a combination of dictionary words, commonly used passwords (whether you can use ones from other engagements may or may not be allowed based on your previous work arrangements), and another method to get good passwords is to mine for keywords off of the company's website. Getting usernames can be done the same way, potentially looking through metadata to find usernames and ideas for passwords. Check out metagoofil for metadata extraction. There have been a few articles out there on this, most notably by Chris Gates and a post on pauldotcom.com by Larry.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Fri Dec 12, 2008 1:01 am

Re: Word list for FTP brute force

Very good Apollo. Just remember that any "attack" like that is very noisy. Fragmentation will not really help if they know what they are doing. Best way is to scan from afar and wait.

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Fri Dec 12, 2008 2:22 pm

Re: Word list for FTP brute force

Just on a side note, there are cases where you'll want to "storm the gates" like this.  Sometimes we get asked to do pen tests as part of an audit, and we know that the corporate security team is not aware that we've been brought in.  Part of the assessment is to determine if they are monitoring the network correctly.  We'll start doing attacks on the scale of "quiet" to "loud" and try to see where they actually start to catch us.  You'd be surprised how many times you'll get all the way to brute forcing passwords before someone actually figures out what's going on.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER

LSOChris

Post Thu Dec 18, 2008 9:51 am

Re: Word list for FTP brute force

I'll 2nd that.
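
The monitoring question raised in this thread (whether password guessing against FTP gets noticed) looks like this from the defender's side. This is an added example, not posted by any thread participant: a sliding-window counter over FTP login failures per source address that also flags a successful login from a source already flagged. The log format is modeled on vsftpd-style login lines and is an assumption, as are the sample lines, the threshold and the window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a vsftpd-style format (an assumption; adapt LINE_RE).
SAMPLE_LOG = """\
Thu Dec 11 18:46:01 2008 [pid 101] [admin] FAIL LOGIN: Client "203.0.113.7"
Thu Dec 11 18:46:03 2008 [pid 102] [admin] FAIL LOGIN: Client "203.0.113.7"
Thu Dec 11 18:46:05 2008 [pid 103] [backup] FAIL LOGIN: Client "203.0.113.7"
Thu Dec 11 18:46:06 2008 [pid 104] [alice] FAIL LOGIN: Client "198.51.100.20"
Thu Dec 11 18:46:08 2008 [pid 105] [backup] FAIL LOGIN: Client "203.0.113.7"
Thu Dec 11 18:46:10 2008 [pid 106] [ftpuser] FAIL LOGIN: Client "203.0.113.7"
Thu Dec 11 18:46:20 2008 [pid 107] [alice] OK LOGIN: Client "198.51.100.20"
Thu Dec 11 18:46:31 2008 [pid 108] [ftpuser] OK LOGIN: Client "203.0.113.7"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (kind, ip, user, timestamp) alerts for FTP login guessing."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = set()              # IPs that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore transfers and other non-login lines
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user, fails = m["ip"], m["user"], recent[m["ip"]]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures that aged out of the window
        if m["result"] == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, user, ts))
        elif ip in flagged:
            # A success from a flagged source is the event to escalate first.
            alerts.append(("success_after_brute_force", ip, user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

A per-source counter alone does not cover failures spread over long periods or many addresses, so pair it with per-account failure counts over a longer window.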
