just one question do you have the password.txt file that you used to get into the nasa site and did you route the attack/exploit through any proxies? is this function supported or should I use bounce or some other tool to re-route my attack on such domains?
Awesome Stuff man .....
gaamoa
Oct 27 2003, 12:07 AM
directly brute forcing a ftp server without proxies might be considered careless and dangerous... just a thought. and writing a 3GB wordlist to disk instead of generating it on the fly might be considered stupid ;-)
Kakarott
Oct 27 2003, 01:47 AM
thx 4 r share i test it to know more
greetz
coder
Oct 27 2003, 03:29 PM
a bit Hypocritical aren't we, flame?
flame
Oct 27 2003, 03:46 PM
just thinking out loud dude... it's just that you were answering so many out of context questions from noobs then saying they are script kiddiz in your other posts, perhaps you are the Hypocritical ...
coder
Oct 27 2003, 03:55 PM
ok, so should i stop posting all of my tools?
hifil0wlife
Oct 27 2003, 05:59 PM
I think you should have posted a dos exploit as proof of concept of ftp brute forcing...
btw total crap, brute forcing is lame
Daxziz
Oct 27 2003, 06:41 PM
Come on - we all know the tools are around - it's up to us to secure our stuff against 'em - for every problem there's a solution - and heck - just banning the IPs after 3 incorrect login attempts or something like that will be enough. No reason to get all upset about this.
I still think it's a nice tool - nice work.
-Daxziz
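The mitigation described in the post above (ban an IP after 3 incorrect login attempts), sketched as an added example that is not part of the original thread. The log format, the addresses and the names `find_bans`, `max_failures` and `window` are assumptions made for illustration; the 10-minute window is chosen so that an attempt every 10 seconds, the pacing mentioned elsewhere in the thread, is still caught.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a simplified, made-up format (not a real server's).
SAMPLE_LOG = """\
2003-10-27 18:40:01 198.51.100.7 FAIL user=admin
2003-10-27 18:40:11 198.51.100.7 FAIL user=admin
2003-10-27 18:40:15 203.0.113.9 FAIL user=alice
2003-10-27 18:40:21 198.51.100.7 FAIL user=root
2003-10-27 18:40:30 203.0.113.9 OK user=alice
2003-10-27 18:40:31 198.51.100.7 FAIL user=root
2003-10-27 18:55:00 203.0.113.9 FAIL user=alice
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (FAIL|OK) user=(\S+)$")

def find_bans(log_text, max_failures=3, window=timedelta(minutes=10)):
    """Return {ip: time_of_ban} for IPs reaching max_failures within window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    bans = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not login events
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, outcome = m.group(2), m.group(3)
        if ip in bans:
            continue              # already banned; nothing more to count
        fails = recent[ip]
        if outcome == "OK":
            fails.clear()         # a good login resets the counter
            continue
        fails.append(when)
        # Drop failures older than the window so occasional typos do not add up.
        while when - fails[0] > window:
            fails.popleft()
        if len(fails) >= max_failures:
            bans[ip] = when       # counted per IP, across all user names tried
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} at {when}")
```

Failures are counted per source IP rather than per account, so switching user names between attempts does not avoid the ban.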
subzero
Oct 27 2003, 07:05 PM
great stuff m8ty thanx
flame
Oct 27 2003, 03:16 PM
well nice old-skool stuff- we all know that FTP has Gotten more secure than in the 80's, but still with a good dictionary file and the right luck it might work. unless they filter IP's like most secured FTP does . and logs ALL events and Possibly you run into a honeypot that freezes your bruter and you find yourself staring at the frozen screen.... damn it noob's find another hole beside port 21 -
and for you coder - thanks for teaching more noobs to be script kiddiz and if you are doing it then plz use a proxy ... maybe you can code a proxy support (socks) to this program and let the world suffer for a while !
coder
Oct 27 2003, 02:52 PM
The second version of FTPitter is now available.
Added Functionality since the last update:
- Multiple Target Hosts
  - This is done by using an IP range like "198.92.191.1-255"
- Multiple User names
  - Will prompt for word list.
- All input is done interactively, no more command line arguments.
Tell me what you think of the tool options!
coder
Oct 24 2003, 06:01 PM
Hey all,
I just finished coding the first version of my new Brute force FTP Password Cracker.
Name: FTPitter
Function: to Brute force a FTP server
Platform: Windows (I'm still porting it.)
Well, I hope you guys like it! And Remember- Coder Loves Feedback!
-=[MePhIsTo]=-
Oct 24 2003, 06:11 PM
Looks good
But where is the function to Brute Force
ssj4conejo
Oct 24 2003, 06:19 PM
Looks great, i was looking for something like this... thanks. i will try it as soon as i reboot to windows...
coder
Oct 24 2003, 06:20 PM
mephisto:
I'm confused by your question?
At the command line you would type: "FTPitter target.com username passwords.txt 10"
This would attempt to Crack "username" at "target.com" using the password from "passwords.txt" and pausing "10" seconds in between each try.
What about this don't you understand. It's a nice tool - I'd like to help ya.
dazza
Oct 24 2003, 06:22 PM
Is there something missing because my dos screen pops up for a second then closes
coder
Oct 24 2003, 06:24 PM
dazza: bring up the DOS prompt first...
you need to bring up the DOS prompt first. Because of the command line arguments you will not be able to run this without the prompt...
Start >> Run >> "command" or "cmd"
G-Ryder
Oct 24 2003, 06:25 PM
Looks nice man Great work.
-=[MePhIsTo]=-
Oct 24 2003, 06:32 PM
@Coder
There's no reason to be confused about my question. I thought Brute Force means any possible combination of letters not a wordlist.
Or did i sleep in the school at this lesson
low_rider
Oct 24 2003, 06:35 PM
nice work thnx
dunc101
Oct 24 2003, 06:54 PM
thanks man, this might come in handy sometime.
coder
Oct 24 2003, 07:26 PM
mephisto: ok, so what would you call the dictionary attack? i understand that it is not a true brute force in that it doesn't try every character combination- although that kind of attack is unreasonable in the situation of an FTP server- usually a true brute force technique would apply to hashed data... ciphered pw files, etc... simply put: it would take too many resources and cause too much attention!
rUn-gUn
Oct 24 2003, 08:33 PM
awesome idea, nice to see such talented people on these forums!!
shok0rx
Oct 24 2003, 09:08 PM
very nice work coder. big thx for your work!
Action
Oct 24 2003, 09:34 PM
how about in next version an option to scan a range of ips not just 1
rUn-gUn
Oct 24 2003, 10:36 PM
i open it in windows xp and it just closes D: anyway around this?
free
Oct 24 2003, 11:08 PM
great tool for hack stro lol
thank
A++++++++
slb33
Oct 24 2003, 11:23 PM
Nice work!
Thanks for sharing this
fivestar
Oct 25 2003, 07:34 AM
Thanks, for beautiful Tool. But there is a possibility of cracken from a list to. Not only single a goal.
Action
Oct 25 2003, 08:31 AM
how?????? do u scan a range?
fivestar
Oct 25 2003, 10:46 AM
Yes, I have a list with servers, and want then checked.
Flinston
Oct 25 2003, 11:12 AM
is the code a fake or did you really hack into nasa.gov ?
anyway big thanks for it !
Arnie
Oct 25 2003, 11:22 AM
[offtopic] haha what a bunch of newbees here on the board! even my dad knows how to open a dos program in winxp
[ontopic] great job! gonna play wif it
[offtopic again] yes of course he hacked nasa.gov.....
coder
Oct 25 2003, 11:26 AM
no, i didn't really hack Nasa.gov (LOL) - i had to replace the name/addy of the real server i used to test...
OK - it seems that a lot of you would like me to modify the application so that it inputs a IP range... Consider it done, I mean - i'm kinda busy right now ... but i should have the next version up in a few days...
what extra features would you kiddies like to see on the next version?
Here is a small list of functionality i'd like to add;
1.) Built in TCP Range subnet scanner.
2.) Banner Grabber
3.) IP Range Anonymous Log In Finder
4.) More verbose logging...
Feedback?
Flinston
Oct 25 2003, 12:53 PM
[ironie] yeah lol code a completely auto haxx0r ! Lets make a khat ftp cracker ;P Don't forget that most of the kids dont know how to make text files [/ironie]
But what about a real brute force cracker ? This would be fun like aaaa - zzzz
GuPpyChILd
Oct 25 2003, 02:52 PM
very nice!!! love the work, been working on one myself. are you going to make the source avail?
coder
Oct 25 2003, 03:20 PM
ok people! you all want a true brute force cracker- one that would in theory try every possible character combination. now- as explained before, this technique (esp. over a .net) is absolutely insane... now- if you guys really want something like that.
we (a few coders on the site) could easily throw together an example app that could do this, although let me first explain exactly how many passwords there could possibly be (i love math, don't you- no matter how simple )
Example: (We will call this pseudo code)
Min. Password Length=6; Max. Password Length=16; #this is just to make it easy, most passwords can be up to 256 characters...
How many possible lengths=16-6=10;
How many possible Characters=220;
So for the first bit of computations we will try to guess all passwords with a length of 6 characters (this will increase, all the way up to say Max. Password Length- a set of 10 possible password lengths)
Each password length containing Len(Password) to the power of 220. SO there are 1.56054064447211e+171 combinations for a password of 6 characters... Now that's a lot of passwords. and if you think you can connect to a server that many times without someone noticing? good luck! True Brute force attacks are usually good on (as posted in a previous thread) hashed data (like password files)...
Here is the kicker, the final number (total number of possible combination in this scenario) is 1.16825464719848e+245 (now, that's a big f*ing number!)
By all means, if you think you want to try and crack something like that over FTP (LOL, good luck!)
raptor
Oct 25 2003, 04:32 PM
I have to propose you make it a multitasking proggi...
make it try 1 ip each time... and get as input: program ip then make it try all possible passwords until it is stopped or it finds passwd... to make this you have to make it try all possible printable chars. cause may not know how or it could take you lot of time and resources as you said... i know a more clever way to do this... all possible/printable chars. are in ASCII table... what if you make in an integer array 0-256 (all ascii chars.) as the passwd's to try and then printf this as %c (it converts the integer to its ascii value...) in this way you will make it more flexible... also you can make it take 1-10 arrays...(so it cracks 1-10 chars. passwd's) all this can be done in loop...
also... the best way to make it multitasking is to make it open itself more times... so make it run for more ip's via batch file...
e.g.:
multi.bat
-------------------------
start program.exe << %1
-------------------------
this can be run as: multi.bat iplist.txt and then it will pass all ip's to the cracker...
looking forward for a new version if you like my opinions...
Flinston
Oct 25 2003, 06:19 PM
btw: I'm a coder too
I know brute force is nonsense but could be funny for some kids ;P sitting weeks in front of their computer to hack into fbi.gov ;P
I coded a prog which makes a "brute force dic." It wrote all possible combinations from 1 to 8 characters ...
After 3 hours the wordlist was ~3GB big and he wasn't finished with 7 characters yet
hermel
Oct 26 2003, 01:00 PM
THX for sharing, I'll try it out
Xx.l0st.xX
Oct 28 2003, 09:47 AM
another great program by Coder. and i know i am a n00b or some would say script kiddy but you have to start somewhere. Not all are here to learn to hack str0's or spread mischief. some like to learn and by making programs that force ppl to use their brains is a good thing. Coder was being helpful which many forget that they were n00b's at one time or another. I give mad props to the people who share their work with others and since he knows that "script kids " are using it he was nice enough to tell them how to use it.
That is a rare quality from someone with experience in this trade.
NeBo_K
Oct 31 2003, 06:44 PM
Thx a lot i will try it out
ssj4conejo
Nov 2 2003, 04:14 AM
Run-Gun try running it from the command line, its not a program with a gui probably. Start ---> Run --- > type cmd.
from there go to the dir where the file is and just execute it, filename.exe or filename
Johny
Nov 4 2003, 06:52 PM
real nice program coder
but 2 questions
1) is there still a command line way ? cause don't find the right one
2) could you make the multiple targets option bigger ? like 123.123.0.1-123.123.255.255, would appreciate it very much
coder
Nov 4 2003, 07:07 PM
this project was closed. due to a large lack of interest on my part
although if you ever have any project request, visit my homepage- there you will find a place to post requests and contact info...
The Code Hackers Guild
By the way- this isn't a hacking site! we are strictly programmers!
wicked
Nov 18 2003, 02:27 AM
Hey yah Mate long time to talk...
What I was wondering is.. do you have anything lying around so to speak that could like Snag Details off of someone trying to connect to me..like that redirector that you made...
I actually wouldn't mind a nice little Fakeftp.exe proggy ... which Gives the Host the Sense that He's on a Real Ftp like servu. or some thing and Watch him jump around imaginary Directory's on my comp.. with the Ability to make up my own user.pass name az well az directory's , and a directory which I can Actually store some prezzies in it for him... Like FormatC.exe or something...what do you think... ???
Wkd..
Easier Example [ME]{FakeFTP/User:admin/Pass:pass} <-------[HIM]{cd d:\Goodies\Wicked\IPscanner.exe}
[HIM] downloading.....Ipscanner.exe....
[HIM] Running IPscanner...
CODE
Please wait while Ipscanner Configures your system....
........................................[100%]
IP Scan Complete ..... Please check your logfile...if you can find one..
thank you for Waiting...;) Have a nice day..
:)
Wicked.
Jst a thought....
Cheerz.
Wkd.
.../
coder
Nov 18 2003, 01:24 PM
soundz, fun- but honestly you'd be better off running a real FTP Server (Something secure) and fill it full of interesting stuff... i don't particularly see the need to have a fake FTP Server... if anything, run another box on your net (dedicated honeypots are cool!)
-peace -coder
TedOb1
Nov 19 2003, 12:02 AM
makes perfect sense to me coder. thanks for sharing
wicked
Nov 19 2003, 12:25 AM
True... some dayz I'm jst not with it , I Tell yah!!... think I posted that early hours this morn... got a nice Prezzy for yah in the Adv Sec btw.... Merry Xmas... I think that you'll enjoy...
Will Reply to IM later got sum Shit to do...
Wkd..
.../