This is the third installment of my Python scripting series. If you haven't read the previous two articles, take some time now to go back and read Part 1 (Introduction) and Part 2 (Building a Banner Grabbing Tool) before you proceed here.
As I mentioned in previous tutorials, Python is probably the most widely used scripting language for hackers. This is primarily because it has some built-in modules and libraries that make many of the tasks we need to do as hackers much simpler and faster.
In this guide, I want to fill in some more of the basic information about Python and then build a password cracker for an FTP server using some of things we have learned in these three modules.
Dictionaries
In Python, dictionaries act like associative arrays in other languages. We use these when we want to store a list of items (elements) and give them a label. This could be such things as user IDs to names or associating known vulnerabilities to a specific host.
Dictionaries hold unordered pairs-a key and a value-where the keys must be unique. Like lists that I addressed in the previous tutorial, dictionaries are iterable. This means that we can go through them with a control structure such as a for statement, assigning each element of the dictionary to a variable until we come to the end of the dictionary. Among other things, you might use this structure for building a password cracker, where we iterate through each password in a dictionary until one works or come to the end. Dictionaries provide fast lookups.
To instantiate a dictionary, the syntax looks like this:
dict = {key1:value1, key2:value2, key3:value3...}
Control Statements
Like any programming or scripting language, often we need our code to make a decision. There are a number of ways in Python to control the flow of the script. For instance, we may want to set a conditional statement that if this.. then that... else do that.
Let's look at some of these structures in Python.
if:
The if structure in Python is similar to the if...then in BASH. The syntax looks like this:
The control block in Python must be indented.
if ...else:
The if..else structure in Python is similar to the if...then..else in BASH. The syntax looks like this:
For example, here we have code snippet that checks the value of a user ID, if it is 0 (the root user in Linux is always UID 0), then we print a message "You are root." Else, if it is any other value, we print the message "You are not the root user."
Loops
Loops are another very useful structure in Python. The two must widely used are while and for.
while:
The while statement evaluates a Boolean expression (evaluates to true or false) and continues execution while the expression evaluates to true. For example, we could create a code snippet that prints each number from 1 until 10 and then exits the loop.
for:
The for loop assigns values from a list, string, or other iterable structure such as a dictionary, to loop an index variable each time through the loop. For example, we can use a for loop to attempt passwords like in our script below.
Creating an FTP Password Cracker
Now that we have three lessons in Python under our belt, let's create a simple FTP password cracker in Python from what we have learned. In this case, let's move forward and use a sophisticated Integrated Developmenet Environment or IDE. A good IDE can make writing code much faster and help with debugging.
My favorite is PyCharm. You can download the community version free at https://www.jetbrains.com/pycharm/download/#section=linux.
Enter this code below into Pycharm.
Now, let's analyze what we did here.
On line 3, we imported the ftplib module for use by our FTP cracker.
On line 6, we ask the user what IP address that want to try to crack and that data is placed in a variable named "server".
On line 12, we ask the user what user that want to attempt to crack the password for and place that data into a variable "username".
On line 18, we prompt the user for the path and filename of their password list and place it in a variable named "passwordlist".
On line 23, we begin a try/except block. This block will attempt some code and if it fails or has an error, will fall out and go to the except clause below.
On line 25, we begin a looping structure "with". This looping structure continues as long as the condition after it evaluates to true. In this case, we use the function open to open a password list and this loop will continue as long as this file is open or it hits an end of file.
On line 27, we begin a for loop that will iterate through each password and remove any leading and trailing spaces using the strip function.
On line 30, we come to the heart of our password cracking. Here, first we connect to the FTP server.
ftp=ftplib.FTP(server)
Then, we begin a try/except clause to try each password word for the username the user input above.
ftp.login(username, word)
If the username and password creates a successful connection, the "Success!" statement prints with the password and the connection is closed. If it fails, it falls out to the except clause below.
Now, to test our code, try executing (the green button above your work area) this FTP password cracker against the FTP server on Metasploitable 2 using the "msfadmin" account. You should see the following output.
When it finds the password and successfully connects to the FTP server, it will print the message "Success! You have connected to the FTP Server. The password is <password>"
Keep coming back, my novice hackers, as we continue to expand our scripting skills to the level of a pro hacker!