LabEx
Log InJoin For Free

Attack FTP Services with Hydra

HydraHydraBeginner
Practice Now

Introduction

In this lab, you will learn how to conduct brute-force attacks against FTP services using Hydra, a versatile password-cracking tool. You'll set up a local FTP server with vsftpd and create test accounts with weak passwords to demonstrate security vulnerabilities.

The lab will guide you through executing Hydra attacks, analyzing results, and understanding how weak authentication can compromise FTP services. This practical exercise covers server configuration, attack simulation, and security assessment in a controlled environment.

Skills Graph

%%%%{init: {'theme':'neutral'}}%%%% flowchart RL hydra(("Hydra")) -.-> hydra/HydraGroup(["Hydra"]) hydra/HydraGroup -.-> hydra/installation("Installation and Setup") hydra/HydraGroup -.-> hydra/password_creation("Password List Creation") hydra/HydraGroup -.-> hydra/username_creation("Username List Creation") hydra/HydraGroup -.-> hydra/single_username("Single Username Attack") hydra/HydraGroup -.-> hydra/single_password("Single Password Attack") hydra/HydraGroup -.-> hydra/ftp_attack("FTP Brute Force") hydra/HydraGroup -.-> hydra/output_saving("Output File Saving") hydra/HydraGroup -.-> hydra/verbose_mode("Verbose Mode Usage") subgraph Lab Skills hydra/installation -.-> lab-549914{{"Attack FTP Services with Hydra"}} hydra/password_creation -.-> lab-549914{{"Attack FTP Services with Hydra"}} hydra/username_creation -.-> lab-549914{{"Attack FTP Services with Hydra"}} hydra/single_username -.-> lab-549914{{"Attack FTP Services with Hydra"}} hydra/single_password -.-> lab-549914{{"Attack FTP Services with Hydra"}} hydra/ftp_attack -.-> lab-549914{{"Attack FTP Services with Hydra"}} hydra/output_saving -.-> lab-549914{{"Attack FTP Services with Hydra"}} hydra/verbose_mode -.-> lab-549914{{"Attack FTP Services with Hydra"}} end

Set Up a Local FTP Server

In this step, you will set up a local FTP server using vsftpd (Very Secure FTP Daemon) in the LabEx VM environment. FTP (File Transfer Protocol) is a standard network protocol used to transfer files between a client and server over a network. Think of it like a digital post office that handles file deliveries between computers.

  1. First, we need to install the vsftpd package. This command updates your package list and installs the FTP server software:
sudo apt-get update && sudo apt-get install -y vsftpd
  1. After installation, it's good practice to create a backup of the default configuration file. This way, you can always restore the original settings if needed:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
  1. Now we'll edit the configuration file using nano, a simple text editor in Linux. This file controls how your FTP server behaves:
sudo nano /etc/vsftpd.conf
  1. Inside the configuration file, we need to modify these important settings. These changes will:
    • Disable anonymous access (for security)
    • Allow local users to log in
    • Permit file uploads
    • Restrict users to their home directories (for safety)
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
modify configuration

You can verify the changes by running the following command:

grep -E "^(anonymous_enable|local_enable|write_enable|chroot_local_user|allow_writeable_chroot)=" /etc/vsftpd.conf | cat
verify configuration

  1. After making these changes, save the file by pressing Ctrl+O (Write Out) and then exit nano with Ctrl+X.

  2. Now we need to restart the vsftpd service to apply our configuration changes. This is like refreshing the server with our new settings:

sudo service vsftpd restart
  1. Next, we'll create a test user account specifically for FTP access. The -m flag creates a home directory, and -s sets the default shell:
sudo useradd -m ftpuser -s /bin/bash
sudo passwd ftpuser

When prompted, set the password to password123. We're using this simple password for testing purposes only - in real situations, you should always use strong passwords.

  1. Let's create a special directory for FTP testing and set proper permissions. This ensures our test user can access and modify files in this folder:
sudo mkdir -p /home/ftpuser/ftp_test
sudo chown ftpuser:ftpuser /home/ftpuser/ftp_test
  1. Finally, we should verify that our FTP server is running properly. This command checks the status of the vsftpd service:
sudo service vsftpd status
service status

You should see output indicating the service is active (running). If you see any errors, you may need to review your configuration steps.

Configure FTP Server with Test Users

In this step, we'll prepare our FTP server for security testing by creating test accounts with intentionally weak passwords. This setup mimics common security vulnerabilities found in real-world systems, where users often choose simple passwords. We'll create three test users, set up their home directories, and generate password lists that Hydra will use later.

  1. First, let's create three test users with weak passwords (for demonstration purposes only). These commands create new system users with home directories and set their passwords:
sudo useradd -m ftpuser1 -s /bin/bash
echo "ftpuser1:password1" | sudo chpasswd

sudo useradd -m ftpuser2 -s /bin/bash
echo "ftpuser2:password2" | sudo chpasswd

sudo useradd -m ftpuser3 -s /bin/bash
echo "ftpuser3:password3" | sudo chpasswd
  1. Now we'll create dedicated FTP directories for each user and set proper ownership. This ensures each user can only access their own files through FTP:
sudo mkdir -p /home/ftpuser1/ftp_files
sudo mkdir -p /home/ftpuser2/ftp_files
sudo mkdir -p /home/ftpuser3/ftp_files

sudo chown ftpuser1:ftpuser1 /home/ftpuser1/ftp_files
sudo chown ftpuser2:ftpuser2 /home/ftpuser2/ftp_files
sudo chown ftpuser3:ftpuser3 /home/ftpuser3/ftp_files
  1. Let's populate each user's directory with a test file. These files will help verify successful FTP access later:
echo "This is ftpuser1's test file" | sudo tee /home/ftpuser1/ftp_files/test1.txt
echo "This is ftpuser2's test file" | sudo tee /home/ftpuser2/ftp_files/test2.txt
echo "This is ftpuser3's test file" | sudo tee /home/ftpuser3/ftp_files/test3.txt
  1. Before proceeding, let's verify FTP access works for one of our test users. This curl command attempts to download a file using FTP credentials:
curl -u ftpuser1:password1 ftp://localhost/ftp_files/test1.txt

If configured correctly, you should see the content of test1.txt displayed in your terminal.

This is ftpuser1's test file

Prepare Attack Lists for FTP

In this step, you will prepare the wordlists that Hydra will use to attempt logging into the FTP server. These lists contain potential usernames and passwords that Hydra will systematically try during the brute-force attack. Understanding how to create effective wordlists is crucial for penetration testing.

  1. First, we'll create a basic username list containing common FTP usernames. These are default or frequently used account names that administrators sometimes forget to change:
echo -e "ftpuser1\nftpuser2\nftpuser3\nadmin\nroot\nftp\ntest\nuser\nanonymous" > ~/project/ftp_users.txt
  1. Next, we'll create a password list with common weak passwords. Many users set simple passwords that are easy to remember but also easy to guess:
echo -e "password1\npassword2\npassword3\npassword123\n123456\npassword\nadmin\nroot\nftp\ntest\nqwerty\nletmein" > ~/project/ftp_passwords.txt
  1. Let's verify both files were created correctly by displaying their contents. This ensures our lists contain exactly what we intended:
cat ~/project/ftp_users.txt
cat ~/project/ftp_passwords.txt
  1. To generate more complex password combinations, we'll install the crunch tool. This helps create systematic password patterns that might be used in real systems:
sudo apt-get install -y crunch
  1. Now we'll use crunch to generate numeric passwords of exactly 6 digits. This simulates common number-only passwords like birth dates or simple PINs:
crunch 6 6 1234567890 -o ~/project/numeric_passwords.txt
  1. Combine all password lists into one comprehensive file. This merged list will give Hydra more password options to try during the attack:
cat ~/project/ftp_passwords.txt ~/project/numeric_passwords.txt > ~/project/combined_passwords.txt
  1. Check how many password entries we've created. This helps estimate how long the brute-force attack might take:
wc -l ~/project/combined_passwords.txt
  1. Finally, create a smaller test password file for demonstration purposes. Using a subset helps verify our setup works before running the full attack:
head -n 50 ~/project/combined_passwords.txt > ~/project/test_passwords.txt

Execute Hydra Attack on FTP Service

In this step, you will use Hydra to perform a brute-force attack against the local FTP server we configured earlier. Hydra is a popular password-cracking tool that supports many protocols including FTP. A brute-force attack systematically tries all possible password combinations until the correct one is found. This demonstrates why weak passwords are vulnerable to such attacks.

  1. First, verify Hydra is installed by checking its help menu. This confirms the tool is ready to use and shows available options:
hydra -h
  1. Run a basic Hydra attack using the username and password lists we created. The -L specifies the username list and -P specifies the password list. Hydra will try each combination against the FTP service running on localhost:
hydra -L ~/project/ftp_users.txt -P ~/project/test_passwords.txt ftp://localhost
hydra attack
  1. To see more detailed output of the attack progress, add the -vV flag. This verbose mode helps understand what Hydra is doing during the attack:
hydra -vV -L ~/project/ftp_users.txt -P ~/project/test_passwords.txt ftp://localhost
  1. Run a more comprehensive attack with the full password list (this will take longer). The -t 4 option limits to 4 parallel connections to avoid overloading the server while still maintaining good speed:
hydra -L ~/project/ftp_users.txt -P ~/project/combined_passwords.txt ftp://localhost -t 4
  1. When Hydra finds valid credentials, they will be displayed in the output. This shows which username/password combination successfully authenticated to the FTP server. Example success output:
[21][ftp] host: 127.0.0.1   login: ftpuser1   password: password1
  1. Save the results to a file for later analysis. The -o option writes the output to a file instead of just displaying it on screen:
hydra -L ~/project/ftp_users.txt -P ~/project/test_passwords.txt ftp://localhost -o ~/project/hydra_results.txt
  1. Verify the results file to see if any credentials were discovered. This lets you review the findings after the attack completes:
cat ~/project/hydra_results.txt

Summary

In this lab, you have learned how to configure a local FTP server using vsftpd, including package installation, configuration adjustments for local user access, and creating test accounts with weak passwords. The process involved modifying vsftpd.conf settings, setting up proper directory permissions, and verifying service functionality.

Additionally, you have prepared a testing environment for Hydra attacks by creating multiple accounts with predictable credentials. This setup provides a controlled scenario to practice brute-force techniques while maintaining realistic security testing conditions.