Monday, January 24, 2011

How to crack IIS FTP password using Brute-Force

FTP is an application or service or protocol  which can be used to transfer files from one place to another  place ,it really comes very handy  during transfer of files from a local box to a remote one .Suppose someone get access to your FTP then he/she can cause nightmare for you by uploading  inappropriate images or files etc.Here we will discuss how we can crack the password of IIS installed FTP service in Windows.

What is Brute-Force?

Brute-force is a type of attack in which every  possible combination of letters, digits and special characters are  tried until the right password is matched  with the username. The main limitation of this attack is its time factor. The time it takes to find the proper match mainly depends on the length and complexity of the password.Here I will be using this attack to crack the password.So,lets start…. 


  1. The tool we will be using  ” BrutusA2”(Download:
  2. You need to know the target suppose “”


Step 1.Here I have shown an authentication page of an FTP service in the image below and in the following steps we will crack its password using brutus.
Step 2.Now open up “Brutus” and type  your desire target ,select wordlist and select “FTP” from the drop down menu  and click start. If you are confused then follow the image below.
Step 3.The time it takes as I mentioned above depends on the complexity and length of the password.So after clicking the start button wait for the time as mentioned in the tool.The password will be displayed as shown above.
Recommendation: I would recommend the readers to try it in a virtual environment as I did and enjoy the trick.It is not advisable to try it on some unknown user without prior permission.


Post a Comment