BRUTEFORCE (I): ATTACKING AN FTP SERVER WITH BRUTER
- Layout for this exercise:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgBtX7lKlmwGZrv0Mt6MGbqeAcQRlEEbLwnWzZqO80JPkBV6qe8SPW-Fsgqv6H2hoFVby0sIIqHmHMgVzyvCnKL6Mk4otNUYSMRv3uPtvmOjfW-gY1ykcBlnTYxT_ZoFa7qtaQ97LPwLiD4/s1600/screenshot.57.jpg)
1 - Bruter: a bruteforce attack tool
- In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly.
- The attacker systematically checks all possible passwords and passphrases until the correct one is found.
- Bruter is a parallel network login brute-forcer on Win32.
- This tool is intended to demonstrate the importance of choosing strong passwords.
- The goal of Bruter is to support a variety of services that allow remote authentication.
- Downloading Bruter to the attacker machine Windows 7:
https://sourceforge.net/projects/worawita/files/latest/download
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHSTrm21RJZAYeTGj0gRuY18cA7DtHOhnvaJUv4VRHQfbpLe7S1h-SYmffcS4w9YdOvAhkSdO4PSAZVrht_MPa-1DGOXxNV1UQOI_4bSNDIJV_M_peOWurceMmiYyvmIGMAi-P4LVdQ47D/s640/screenshot.1.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJtsm7Yc1Fuh1CK6u-2ThJ11whD_6N2Mr9kHW-qWfPPLLUdL80chGwSjWYULOanb-yzV9_2n3auKKepezSgTp1KwLdDANbkpNZ_0l3b02_9GtIAhLxC0t1Zj-bASGu-Vl0olGbKv299Udu/s1600/screenshot.2.jpg)
2 - Setting up an FTP server
- Opening the XAMPP Control Panel at the victim Windows 10:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3_wvozguUuz6GlF0GUEzeoEDaORD3OEycQxtU3XoraLrguAvnW4gpSWkyYPysn_BBbSApOf9xAum4Q7mtUfZUQgMDdRNDYEF1YosDp4btp-OUEkRl5KA9GQAVY4RlX3bXi5Eh7_rheWVc/s1600/screenshot.3.jpg)
- Starting the FTP server:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2kvQuOGdBhnKw1EJvxLw2kgUMfdi2CurpUSgBDjjEoX-dIo8H0EwCfNz2AxXNcLJiP3T_gtqUV5lzvej_PU-j9VQE8dJl5AddlYyAT4DYc9Gybh0NClsxQACaB6Q3k5quGQyEKIFGCz83/s1600/screenshot.4.jpg)
- Connecting to the FTP server:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeY4bi3wXSfeag36Jo91GiQ9neCtXcQqVgeEvebMNMINMJ4-PAW7K-hoHMkQjhSxj_o4hXyuIoECkQhsM5T0ysAJajFNOHruqxDVXm2sfXG9gHwBsofCdq6jbPdiZ0RdnSprj7mb5Gk6Oy/s400/screenshot.6.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbCFhBQly-7eHXFYClg4bCdPji5E1xjMsaAaoAyrZgGnqvBY2tCkd0UTmljRv7Sy1Kuo9RLNKF8gz0x37aOd55IPhTb5HupVMEn7V7mM1BiIiQ-NMZw581dnqRWcrPFv0-nJISWam33NWs/s1600/screenshot.7.jpg)
- Adding admin as user:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWJ9g4oDQ98TbnbYlzdaBr5cnpx5EzTjfgDEvyHP-zjH_5cHSz6sCviVmGG8w_Mj3GghQFeRTiuzEsb31BnpjRJk6zDKomL8L0XLnJw-hos9dryhyphenhyphenupnO90aXV9-w5fV6XxZWsgt6OLSpu/s400/screenshot.8.jpg)
- Setting a simple password (123) for the user admin:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEga5j7Tml0T3NOFg_Tztxxa49Jc5xd-ZaXQQc0IpKuRWENcoAtQmMYSYSpx0dY4YwYeT1DPXBWc13rnbl4cuBv23CYM-02pal4WxBuFmcFrk2LbU_3C2J35Ijg7jO6zlY_hVmVabfYn9SLn/s1600/screenshot.46.jpg)
- Setting as Shared folder C:\FTPtransfer for the FTP server:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTxoGVJpZRH07Ft9KsPZMyXdL59hJUJPKMK_bTUnCfX3VO4pd8BBjXUFBMM3khRyUezezTZ_rY5Qkx6DJI9FMVvp1NDKRijM0J4QzN_d7aQhmvAJrKqqEeUu9olVCl2lvlUWqx9J9mHVbA/s1600/screenshot.47.jpg)
- Entering authentication credentials:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbdiProizNRQwUSyKi3oWeusTEjhc7p3N28f1_KOtejVaywziz9H3umzJKjGWHbshYZkmQ8rdpNU2qZPcEI7BkgATg_lc8aepCXMV-0s7oQp6R5RF7ZntmV3yTNSwOHSVo-PibtPeGD6Gv/s1600/screenshot.51.jpg)
- The access to the FTPtransfers folder is successful:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyMu1n1b4-D5cp9vKeQ8vAk6QmE1NUM4mqbQ7uJ2Xoai6RxWV8mEaQ2gCIcLtkwE094yD2MyIbHqY9aaoY9V_ZCxxKbW_TEf1rhIiVxch6gKmVAnci31yipN_klzYwMukrqIhKt9CTboro/s1600/screenshot.52.jpg)
3 - Bruteforcing the FTP server
- From the attacker machine Windows 7, checking that the port 21 is open at the victim Windows 10 (192.168.1.6):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvZRDrlzV_v2gEF7RuTrXQHHvGYYKDNagCs83DTP1zuXwSZEiwQx_1PRoWFeyDU-XJq1qjjYBeUbWwA7ThNjA81I_Wp3BoSjLWNE39QYsII5B3RW1FDfrH_oluV9el3x3BwUXimFTkPsqE/s1600/screenshot.40.jpg)
- Running Bruter.exe from the attacker against the FTP server (IP 192.168.1.6, port 21):
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7trK67ZfENJLEKNTdwKZAnoyAV9viPTZZNSW3TolJE3qRWdcU9j-KeYYE7977-CJiNDfQmTGYgyuWfUZNGYV_Uq-EcUOC5xilKqZtx88vYqtmn2NA630om_4qYzEf8gcVfvKGfsTcqk9w/s400/screenshot.55.jpg)
3.1) Dictionary
- Taking the Dictionary option and browsing for a wordlist:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx2Op4uxLj1ZdBRkzSTwg2nO1bDGbRdY82kAEJ0fV12fCJwENxiQ7OfMuj5yw2GUaTQk9FEJwX0Zt39ph4Bp3ht-J5oI_rrfzk3QS8A-Er71gyA-GW79RH1RGKqvqxaF6GJMSXG65SuWfS/s1600/screenshot.5.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsQY26Ce-xcP8Xhv25TGkM3-YUmD_seoSCgczUZsa7GLbCMyDA-xkWm2Ssjsnz5K790OkgBwBv232m8N_ef5saSzE0gASaD9H6xJdhIQfPiudNmmy5_eZUWxI77EgLzdcV4BElmebrl9DN/s400/screenshot.1.jpg)
- Starting the attack:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMENuR3yWTVvMM-olJWwHWidsXKRVSuOi3F0avFZvU9fa-9Q2mqGq10vtnThrdVKI8lB-Zn1mYENztc61L9TQJJFT-TRJX8GuWghh_mN_KBNl9EUsnR7QyPzfgxWTXA2bl_TOCh-Z5iJVK/s400/screenshot.54.jpg)
- Finally the attack is successful because the password (123) is revealed:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkrinxdU9KXATGnMnRzcO5f1rsISWs410YPNXVhT5h46CKwYqcNMc166wZ-z0D_-XacfKtE7YOe5c2ctz-Vqi__3RqyZabiN4lllCqlck15d7wcpzunArz7Oo1VAgZVPdDzn3AUxaSvEmz/s1600/screenshot.48.jpg)
3.2) Brute force
- Choosing Brute force option, setting options for the Charset and the length of the password:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvLD8VD1Q1obCPUrxgOKFWKFo7zAawB4JJ7_EMNov4S6befUnJxNXUtJ9QcpPpDTA0f3eUv3ena3YdOdIiXfWglnPAT6xdPCmP4-LVlaUNUiDne6p3pIJcuEH7-xKfMGlYdetvl_85W6LY/s1600/screenshot.53.jpg)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr88vDGsR7GIDeHlj3Q8Ld5ZHjCW1I3WHy6-kjryA-dBm-9-sIHPdCPFkZQF6ueTB4kuOSIiRipR_1TAzia0xemKqdcHwzbYtkkCZxb4xmElqTfoiiSRoLsBqaHVyvJG6m4d_b-RUPlqj7/s400/screenshot.44.jpg)
- Starting the attack:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMENuR3yWTVvMM-olJWwHWidsXKRVSuOi3F0avFZvU9fa-9Q2mqGq10vtnThrdVKI8lB-Zn1mYENztc61L9TQJJFT-TRJX8GuWghh_mN_KBNl9EUsnR7QyPzfgxWTXA2bl_TOCh-Z5iJVK/s400/screenshot.54.jpg)
- Finally the attack is successful because the password (123) is revealed:
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkrinxdU9KXATGnMnRzcO5f1rsISWs410YPNXVhT5h46CKwYqcNMc166wZ-z0D_-XacfKtE7YOe5c2ctz-Vqi__3RqyZabiN4lllCqlck15d7wcpzunArz7Oo1VAgZVPdDzn3AUxaSvEmz/s1600/screenshot.48.jpg)
- The password has been chosen deliberately simple because the purpose of this exercise was just to demonstrate how to operate with the Bruter tool.
- For more complex passwords Bruter has a wide range of predefined Charsets with a greater number of characters, in addition to the possibility of decreasing the Min_Len parameter and increasing Max_Len.
- Obviously, the disadvantage would lie in the slowness of the attack, in addition to the greater amount of resources needed to implement it.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDWcGyfAGSUI6mCNjtxElGjMpFLv50fwVhFbx6l85Baw3iinb2VkMEeUDE89cekQt3sy_fRVXHZwVO1UJ6QSnFbbvYZNcav9GhBfQpN_vpO1y88Zr1k7dvxuAPuqK8o3UGYenKxtzGrjAU/s1600/screenshot.58.jpg)