how to UsE Hydra to brute force AN ftp server 

STEP 1) Firstly, you will need to add the FTP server features from the server manage 

STEP 2) Next, click on the “Add Roles and Features”. You should see the Before you begin screen: 

STEP 3) Click on the Next button. You should see the Select Installation Type screen: 

STEP 4)  Select “role-based or feature-based installation” and click on the Next button. You should see the destination server selection screen: 

STEP 5) Choose “Select a server from the server pool” and click on the Next button. You should see the Select server roles screen: 

STEP 6)  Select “Web Server (IIS) from the list” and click on the Next button. You should see the Select Features screen: 

STEP 7) Click on the Next button. You should see the Select Role Services screen: 

STEP 8) Select FTP Server and click on the Next button. You should see the following screen: 

STEP 9) Review all configurations and click on the Install button to start the installation. You should see the installation progress screen: 

STEP 10) To create a new user, open the Server Manager => Tools and click on Computer Management. You should see the following screen: 

STEP 11) In the left panel, click on the Local Users and Groups => Users then right click on the Users => New User. You should see the User Creation screen: 

 Provide your username, password, and click on the Create button. You should see your newly created user in the following screen:  In this example I will use ftpuser as username and Password123! for password . You will need this testing HYDRA bruteforce later in this tutorial

STEP 12) Open the Server Manager, click on the Tools => Internet Information Server (IIS) Manager. You should see the following screen: 

STEP 13)  Right click on the Sites => Add FTP Site. You should see the FTP site configuration screen: 

STEP 14)  Define your FTP Sitename, FTP directory path, and click on the Next button. You should see the port configuration screen: 

STEP 15)   Define your bind IP address, port, SSL setting and click on the Next button. You should see the FTP authentication configuration screen: 

STEP 16)   Open up Terminal on you KALI Linux and type:

a. cd Desktop     PRESS ENTER

b. touch passwords.txt    PRESS ENTER

c . sudo nano passwords.txt PRESS ENTER

STEP 17)   This will put you into the NANO text editor and you will be editing the passwords.txt file that you created using the touch command. 

Enter the passwords as seen on the side picture, PESS ENTER after each password. When you done typing

PRESS CRTL + X 

PRESS Y 

PRESS ENTER

Take note that the password we used for the ftpuser on the FTP Server is in the list for demonstration purposes. This is for proof of concept!

STEP 18)   Type

sudo hydra -l ftpuser -P ./passwords.txt -f ip address ftp

ip address will be the IP address of the FTP server. If you don't know the IP address of your FTP server. Open up command prompt on the FTP server and type IPCONFIG. 

The -l command specifies to use 1 username. In this demonstration we used "ftpuser" which we already knew. However, the -L command can use a username.txt list which can contain hundreds of usernames. 

The -p command will use 1 password while the -P command uses the "passwords.txt" which can contain hundreds if not thousands of passwords.

This allows HYDRA to perform Brute force acts using combinations of usernames and passwords bases off the size and complexity of the username and password files provided. 

Reasons why FTP is insecure with Wire Shark packet capture & FTP Log file example

FTP (File Transfer Protocol) is considered an insecure protocol for several reasons, and it can be easily intercepted and analyzed by network monitoring tools like WIRESHARK. Here's one reason why FTP is insecure:

The lack of Encryption: FTP does not inherently encrypt data during transmission. This means that when you transfer files or log in using FTP, your username, password, and data are sent in plaintext over the network. Anyone with access to the network traffic can intercept and view this information, posing a significant security risk. You can see this in the picture to the right. While using HYDRA I ran Wireshark and gathered packets. You can see password and usernames are sent in plain text across the network. 

While looking at the FTP log file located in the C:\inetpub\logs\LogFiles\FTPSVC2 directory  you notice the date & time entries a indicative of a Brute force attack. Over a dozen log in attempts have been made by "ftpuser" at the same time.  The source and destination IP addresses have been omitted but they source IP from "ftpuser" is the same as well.

Due to these vulnerabilities, using FTP for transferring sensitive data over untrusted networks is strongly discouraged. Instead, it is recommended to use more secure alternatives like SFTP (Secure File Transfer Protocol) or FTPS (FTP Secure) that incorporate encryption and better security features to protect data during transmission. These protocols address the security shortcomings of FTP and provide a safer way to transfer files over the internet or other untrusted networks.