SFTP has nothing to do with the strength of the password. SFTP will
only encrypt the FTP session. When logging in with FTP, the username
and password is transmitted in plain text. Whereas SFTP encrypts the
username and password as it's transmitted. So you would need to be
sniffing the end users network while he logs in to his server with FTP
to get his username and password.
You could do this and have him do the same with SFTP, then show him
the results to compare and it will most likely bring things into
perspective for the EU.
On Oct 10, 2008, at 10:22 AM, "Chip Panarchy" <forumanarchy (at) gmail (dot) com [email concealed]>
wrote:
> Hello
>
> I was wondering if I could have some help in 'hacking'/'cracking' an
> FTP site.
>
> I know that FTP is a very old protocol... so I'm certain that there
> are many holes in it. Especially in one that hasn't been maintained
> for a few years.
>
> How do I crack the password on the FTP site so that I can use that to
> convince the owner of the site (a friend of mine) to switch to SFTP?
>
> I really want to know, because no matter how hard I argue with him,
> there still is no comparison to cold hard evidence. I've been trying
> to convince him for the last month, but he won't budge. Finally I got
> him to give me permission to attempt to hack his FTP site.
>
> So please tell me what method I can use to hack the FTP site.
>
> Thanks in advance,
>
> Chip Panarchy
only encrypt the FTP session. When logging in with FTP, the username
and password is transmitted in plain text. Whereas SFTP encrypts the
username and password as it's transmitted. So you would need to be
sniffing the end users network while he logs in to his server with FTP
to get his username and password.
You could do this and have him do the same with SFTP, then show him
the results to compare and it will most likely bring things into
perspective for the EU.
On Oct 10, 2008, at 10:22 AM, "Chip Panarchy" <forumanarchy (at) gmail (dot) com [email concealed]>
wrote:
> Hello
>
> I was wondering if I could have some help in 'hacking'/'cracking' an
> FTP site.
>
> I know that FTP is a very old protocol... so I'm certain that there
> are many holes in it. Especially in one that hasn't been maintained
> for a few years.
>
> How do I crack the password on the FTP site so that I can use that to
> convince the owner of the site (a friend of mine) to switch to SFTP?
>
> I really want to know, because no matter how hard I argue with him,
> there still is no comparison to cold hard evidence. I've been trying
> to convince him for the last month, but he won't budge. Finally I got
> him to give me permission to attempt to hack his FTP site.
>
> So please tell me what method I can use to hack the FTP site.
>
> Thanks in advance,
>
> Chip Panarchy
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
[ reply ]