FTP Passwording
FTP Passwording
Hello all. I recently have set up one of my first official non-freewebs BS websites, and I was wondering....
I have FTP access to my online server, and I have the password that goes with it to access my server-side (on the internet) files.
Now I would certainly like to know this. How hard, and how easy, would it be for someone to access my FTP files and futhermore gain access to my FTP server? I've been searching MANY forums for answers, but I figured that hey, I should post only at the best of them (and this is one of 'em!).
In other words, I'de like to try and gain access to my server as if I didn't know my server-side password. Can anyone help me with this problem that I have at hand? Any help at all would go much appreciated.
Thank you for reading this!
PS: I do not know anything about anything. I am very new at this whole ordeal, and I have been trying to learn more about this specific computer subject for the past six months (yet I failed miserably); so please, keep your help to a very novice speak. Thank you very much!
I have FTP access to my online server, and I have the password that goes with it to access my server-side (on the internet) files.
Now I would certainly like to know this. How hard, and how easy, would it be for someone to access my FTP files and futhermore gain access to my FTP server? I've been searching MANY forums for answers, but I figured that hey, I should post only at the best of them (and this is one of 'em!).
In other words, I'de like to try and gain access to my server as if I didn't know my server-side password. Can anyone help me with this problem that I have at hand? Any help at all would go much appreciated.
Thank you for reading this!
PS: I do not know anything about anything. I am very new at this whole ordeal, and I have been trying to learn more about this specific computer subject for the past six months (yet I failed miserably); so please, keep your help to a very novice speak. Thank you very much!
hmm
Ok you have a website that is no longer under a free server
Im assuming since it is a commercial service they would have at least some general understanding of security if not a whole lot more
What you could do if you would like to learn more is do a port scan of the server ip address or yourdomain.com depending on the country your from this is not illegal
this will give you a general idea of what ports are open on the server and where in security holes will lie
Common ports that are open on most servers 21 80 your port scanning program should tell you what they are
assuming you wish to learn what there FTP security is like you can then open up a cmd (assuming your on windows) and telnet to there FTP server I believe the command is telnet -o serverip port 21 or whatever
This will identify to some degree what system is set up for FTP
Now if you have a smart admin he has probably got all sorts of bells and whistles to fake what he is running and most likely watching his log files to see what your upto
Thats to some degree a basic run down of security on the server running your web site
Now lets have a discussion about the security of your personal computer for instance your new to the computer scene I bet your running Internet Explorer
Now you have to ask yourself am I downloading pirated software am I downloading mad amounts of porn do I have anti virus do I have a firewall
Things like aforementioned will generally lead to things such as Trojans and spyware and lots of other things that will more than likely be able to get your FTP password and cause a lot of trouble for your computer
So these are things to consider if your worried about the security of your passwords
Cheers
and if you have anymore questions feel free to ask
Im assuming since it is a commercial service they would have at least some general understanding of security if not a whole lot more
What you could do if you would like to learn more is do a port scan of the server ip address or yourdomain.com depending on the country your from this is not illegal
this will give you a general idea of what ports are open on the server and where in security holes will lie
Common ports that are open on most servers 21 80 your port scanning program should tell you what they are
assuming you wish to learn what there FTP security is like you can then open up a cmd (assuming your on windows) and telnet to there FTP server I believe the command is telnet -o serverip port 21 or whatever
This will identify to some degree what system is set up for FTP
Now if you have a smart admin he has probably got all sorts of bells and whistles to fake what he is running and most likely watching his log files to see what your upto
Thats to some degree a basic run down of security on the server running your web site
Now lets have a discussion about the security of your personal computer for instance your new to the computer scene I bet your running Internet Explorer
Now you have to ask yourself am I downloading pirated software am I downloading mad amounts of porn do I have anti virus do I have a firewall
Things like aforementioned will generally lead to things such as Trojans and spyware and lots of other things that will more than likely be able to get your FTP password and cause a lot of trouble for your computer
So these are things to consider if your worried about the security of your passwords
Cheers
and if you have anymore questions feel free to ask
Hey! Thanks a bunch for that reply.
No, I'm not very new at that whole "don't go here or you'll get spyware/trojan/virus" kinda thing. Infact I have over ~10 years computer experience (and I'm protected by a "borrowed" Norton Antivirus 2003).
I'm not that new to the torrent scene, infact I have all of that behind me.
I also use FireFox, cause IE is kinda bad, but still usable for things like these.
I'm also firewalled by Windows Firewall (could you reccomend a better one?).
And I scan my computer for spyware and other such things once or twice a week. Believe me, I have done my fair share of "borrowing."
So, to the point, I'll try out that cmd stuff (I am on a Windows XP SP2) and try to figure out the ip my domain and what ports are available.
Also, what's a good port scanning program?
No, I'm not very new at that whole "don't go here or you'll get spyware/trojan/virus" kinda thing. Infact I have over ~10 years computer experience (and I'm protected by a "borrowed" Norton Antivirus 2003).
I'm not that new to the torrent scene, infact I have all of that behind me.
I also use FireFox, cause IE is kinda bad, but still usable for things like these.
I'm also firewalled by Windows Firewall (could you reccomend a better one?).
And I scan my computer for spyware and other such things once or twice a week. Believe me, I have done my fair share of "borrowing."
So, to the point, I'll try out that cmd stuff (I am on a Windows XP SP2) and try to figure out the ip my domain and what ports are available.
Also, what's a good port scanning program?
-
- cyber messiah
- Posts: 1201
- Joined: 30 Apr 2006, 16:00
- 18
- Location: 127.0.0.1
well the security also depends upon the combination of OS and daemon running.. and to some extent the configuration files... and yes on the sys admin as well..if its an unix/linux server you can also look for several front end modules of code for input sanitization(in some cases,for overflows, fuzzing,etc)... well the posibilities are limitless... most probable being social engineering...
-
- Fame ! Where are the chicks?!
- Posts: 159
- Joined: 05 Nov 2005, 17:00
- 19
- Location: Saint Paul, MN
- Contact:
Re: FTP Passwording
Attacking your hosted website probably isn't a good idea, some probing won't hurt. If you're trying to test their security for learning purposes there's better ways to practice. If you're worried about how easy it would be for someone to access your hosted FTP site you shouldn't worry. Do you have a strong password? And another question you might ask yourself is; why would someone attack me? Do you have a popular website/FTP server or is it just personal files?
``The true voyage of discovery lies not in seeking new landscapes, but in having new eyes``
-
- Fame ! Where are the chicks?!
- Posts: 159
- Joined: 05 Nov 2005, 17:00
- 19
- Location: Saint Paul, MN
- Contact:
Here's a start.
Learning what FTP is might be a start
http://en.wikipedia.org/wiki/File_Transfer_Protocol
Wikipedia is a huge help to begin learning about anything.
Linux man pages help w/commands.
http://www.hmug.org/man/1/ftp.php
If your intentions are accessing someone else's FTP site... well good luck to you. Here is an interesting list of FTP vulnerabilities http://www.networkscanning.com/FTP-VSSF.html
http://en.wikipedia.org/wiki/File_Transfer_Protocol
Wikipedia is a huge help to begin learning about anything.
Linux man pages help w/commands.
http://www.hmug.org/man/1/ftp.php
If your intentions are accessing someone else's FTP site... well good luck to you. Here is an interesting list of FTP vulnerabilities http://www.networkscanning.com/FTP-VSSF.html
``The true voyage of discovery lies not in seeking new landscapes, but in having new eyes``
OK guys! I read up on that stuff! And actually Maboroshi, you were quite bang-on on what I innitially want to do.
Now here's the thing. I don't have Linux, but I'm planning on getting it installed permanently on athe piece of s#it computer that I have idling downstairs. Is there any good Linux that I should know of for something like this? I've heard that a Linux called Mandrake is really good, and I've also experimented a bit with Auditor Tools.
So please, if you could, keep the words to the most simple meenings (example: daemon... huh?) and try to run me through these things step-by-step (in the most simple (well, not too simple) manner possible).
But what Maboroshi stated about the telnet client was actually a very good start!
-Thanks
Now here's the thing. I don't have Linux, but I'm planning on getting it installed permanently on athe piece of s#it computer that I have idling downstairs. Is there any good Linux that I should know of for something like this? I've heard that a Linux called Mandrake is really good, and I've also experimented a bit with Auditor Tools.
So please, if you could, keep the words to the most simple meenings (example: daemon... huh?) and try to run me through these things step-by-step (in the most simple (well, not too simple) manner possible).
But what Maboroshi stated about the telnet client was actually a very good start!
-Thanks
OK! More research has led me to this!
> user (user)
> pass (pass)
and if I enter the variables correctly, I am logged onto the server, but when I do not, and just fake a password, it doesn't log on, and tell me INVALID all over the place.
so heres my main problem! I now need a password and username!
Although, I can presume that the user would be (mysite).com, yet I still wouldn't know the password... so there ya have it... all that I need is to find out how to get a valid working password...
Yoohoo! I need help! (Please don't flame but how else am I supposed to state this question?)
> user (user)
> pass (pass)
and if I enter the variables correctly, I am logged onto the server, but when I do not, and just fake a password, it doesn't log on, and tell me INVALID all over the place.
so heres my main problem! I now need a password and username!
Although, I can presume that the user would be (mysite).com, yet I still wouldn't know the password... so there ya have it... all that I need is to find out how to get a valid working password...
Yoohoo! I need help! (Please don't flame but how else am I supposed to state this question?)
i'm alittle lost on what you are asking.
You are the owner of the server
You know your own user name and password
You can log in with your "correct" name and passeord
but then you say "so heres my main problem! I now need a password and username! "
What do you mean?
You said that you have the user name and passwd,
But you need another name and password?
I'm Lost...
You are the owner of the server
You know your own user name and password
You can log in with your "correct" name and passeord
but then you say "so heres my main problem! I now need a password and username! "
What do you mean?
You said that you have the user name and passwd,
But you need another name and password?
I'm Lost...
“Yes, I am a criminal. My crime is that of curiosity.”
Ok, lemme re-explain this.
This whole thread is only for the sole-purpose of educating the uneducated about how to access FTP without the means of knowing username, nor password.
Yes, I DO have full access to my FTP site with username and password, but I'm checking it for 'vulnerabilites,' as if a hacker would try to get into it, and how he would be able to do that. I have some means of FTP security on my server, so I'm basically testing it.
Yet, my main problem is, is that I firstly need/want to know how to do this (a form of educating myself on FTP servers and their full accessibility, if you will).
That's basically it, so if you could help me out here, I'de greatly appreciate it.
-Thanks
This whole thread is only for the sole-purpose of educating the uneducated about how to access FTP without the means of knowing username, nor password.
Yes, I DO have full access to my FTP site with username and password, but I'm checking it for 'vulnerabilites,' as if a hacker would try to get into it, and how he would be able to do that. I have some means of FTP security on my server, so I'm basically testing it.
Yet, my main problem is, is that I firstly need/want to know how to do this (a form of educating myself on FTP servers and their full accessibility, if you will).
That's basically it, so if you could help me out here, I'de greatly appreciate it.
-Thanks
oh ok, i see where ur coming from now sorry.
well one thing is
FTP username/passwords are tranfered in clear text. so if so one one your network used a sniffer then thay could get a name and password very easily.
I'm not to sure on how to do it but you can set up a secure connection so that the FTP info is encrypted.
I'll look up what i can when i'm done studing tonite
If you want I'm on IRC in #suck-o right now and most likey all nite
well one thing is
FTP username/passwords are tranfered in clear text. so if so one one your network used a sniffer then thay could get a name and password very easily.
I'm not to sure on how to do it but you can set up a secure connection so that the FTP info is encrypted.
I'll look up what i can when i'm done studing tonite
If you want I'm on IRC in #suck-o right now and most likey all nite
“Yes, I am a criminal. My crime is that of curiosity.”
Thanks alot man! Unfortunately, I cannot go onto the IRC channel because I'll be sleeping. I have to go to my classes tomorrow morning.
Now, from what I understood, here's what you should know.
My website is NOT on a local server. I payed for a domain-name and the domain-hoster is currently hosting my files remotely.
Also, I'm not too sure about what you mean with the "secure FTP connection."
And lastly, I'm trying to act this situation out as if I do not even know any of the encryptions or usernames or passwords on this server.
Thanks alot for this stuff bro! Talk to ya later.
Now, from what I understood, here's what you should know.
My website is NOT on a local server. I payed for a domain-name and the domain-hoster is currently hosting my files remotely.
Also, I'm not too sure about what you mean with the "secure FTP connection."
And lastly, I'm trying to act this situation out as if I do not even know any of the encryptions or usernames or passwords on this server.
Thanks alot for this stuff bro! Talk to ya later.