[Red teaming]how to Crack FTP credentials using a Dictionary Attack(Web Server Attack)

overview

First, I checked the target machine (Windows 10) with an open port or not by conducting a Nmap scan. It turned out that port 21 (FTP) was available. Then, I run a dictionary attack using Hydra wordlist to check if any passwords can match a list of wordlists. After the dictionary attack, the same username and passwords got compromised. I use one of them (Martin’s username and password) to log in to the target machine FTP service.

The lessons learned from this lab is

1. Do not open unnecessary port

2. Create a strong password (more than 14 characters long) that does not match one of the word lists’ common passwords.

3. Constantly monitor suspicious activities. So even after the compromise, the impact can be minimized.