Hacker, Researcher and Author.

Cracking FTP Passwords Using Dictionary Attacks

What is a Dictionary Attack ?

In layman language, Dictionary attack means using a tool that picks passwords from a wordlist and tries them one by one until one works

How to make a wordlist ?

A wordlist can consist of all possible combinations of letter,numbers,special characters. It can have some common or default passwords. You can download the wordlist generators or google the wordlists for bruteforcing and configure them according to yourself.

How fruitful attack can be ?

If we are try all possible combinations of letter,numbers,special characters, theoretically chances of success are 100%. But practically it is not possible to try every combination because it can take a lot of time. This attack just depends on the time you give,processing power and ofcourse your luck.

Tool I will be using ?
  • THC Hydra

    Step 1 

    Download THC Hydra from here

    Step 2

    (a) Make a usename wordlist consisting of some common usernames like this

    (b) Get a wordlist of passwords
    (c) Copy both wordlists to your hydra folder

    Step 3

    (a)Open the command prompt and change directory to your hydra folder using cd command.

    (b) Type "hydra" without quotes and it will show you the options to use.

    (c) Now to start attak,

    Type "hydra -L userslist.txt -P passlist.txt xxx.xxx.xxx.xxx ftp" and press enter

    where userslist.txt is the list of usernames, passlist.txt is the list of passwords and xxx.xxx.xxx.xxx is the IP address of target, Now it will start cracking

    To use a single username instead of wordlist , Replace capital L with small l , like this

    Type "hydra -l username -P passlist.txt xxx.xxx.xxx.xxx ftp"

    Note : Ftp port must be open.

    Warning: I highly recommend you to use a chain of proxies to spoof your identity because proper logs of user's IP addresses who try to connect to ftp server is made on the server. Here is an example of the same.

    Countermeasures to protect yourself from this attack:

    1. Use strong passwords
    2. Enable Autoban of IPs or anyother option like this.

    About The Author
    This is a guest post written by Aneesh M Makker. Aneesh M.Makker is an Ethical hacker from Malout, a town in Punjab.Click here to visit his Facebook Profile


    1. hey thanx a lot Rafay, I was searching for the same from some days . unique post

    2. @Nitin
      Thanks for your comment Nitin, Make sure you subscribe to our RSS Feed to receive regular updates from our blog

    3. Is there any way we can start with string of length 1 and then goes on with length 2,3,4 etc for both usernames and password try all the possible 255 characters, rather then getting list from a txt file.
      Or any other software that does or I have to implement my own for hacking purposes as normally servers are secured in this way very difficult to hack.

    4. Hey search for wordlist generators. U can specify the length and it will generate all the possible words of specified length .

    5. how to Get a wordlist of passwords, in step 2 (b)?

    6. Wrong

      "In layman language, brute forcing means using a tool that picks passwords from a wordlist and tries them one by one until one works."

      This is dictionary attack be careful while posting

    7. @Rohail
      Yes Rohail you are right this is a dictionary attack, This is a guest post and was not written by me and I never checked it properly

    8. Give simple trick but i had to work on facebook

    9. gr8 article... i tried it and it works fine...
      can u please highlight on how to use chain of proxies for d same

    10. what is the key for this program , tnx

    11. Hi their,
      I need help guys. my router overseas got hacked and now I need to access it to change my password. it was my stupidity to not think this will happen and left as admin/admin... now I have to try to find what was it change too and hope that the user name was not changed and that I can find a good dictionary.

      I downloaded your tool on windows vista 64 but it worked with error stating its the cygwin version.. do you have or know what version of cygwin that I have to use with the hydra version here.

      much of thanks



    © 2016 All Rights Reserved by RHA Info Sec. Top

    Contact Form


    Email *

    Message *

    Powered by Blogger.