{"id":1549,"date":"2017-03-16T16:21:56","date_gmt":"2017-03-16T08:21:56","guid":{"rendered":"https:\/\/networkingnotesblog.wordpress.com\/?p=1549"},"modified":"2017-03-16T16:21:56","modified_gmt":"2017-03-16T08:21:56","slug":"recover-the-ftp-password-via-tcpdump","status":"publish","type":"post","link":"http:\/\/notes4it.com\/?p=1549","title":{"rendered":"Recover the FTP password via TCPDUMP"},"content":{"rendered":"<p>I always keep my frequently used files on my FTP server, and I have my password saved in the FTP client on my laptop as well. So when I needed to log in to my FTP server from another machine, I was like &#8220;hmm&#8230;. what was my password now?&#8221;<br \/>\nSince FTP runs in plain text, there is no encryption at all. So I recovered my password via tcpdump, and the username and password are both &#8220;everyone&#8221;.<br \/>\n<a href=\"https:\/\/networkingnotesblog.files.wordpress.com\/2017\/03\/tcpdump-20170316.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1550\" src=\"https:\/\/networkingnotesblog.files.wordpress.com\/2017\/03\/tcpdump-20170316.png\" alt=\"\" width=\"700\" height=\"109\" srcset=\"http:\/\/notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316.png 858w, http:\/\/notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316-300x47.png 300w, http:\/\/notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316-768x120.png 768w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><br \/>\n<!--more--><br \/>\nnetuser@HK1401-KVM:~$ sudo tcpdump -n -vvv -i enp6s0 -A -f &quot;port 2121&quot; | grep -i &quot;<span style=\"color:#008000;\">user<\/span>\\|<span style=\"color:#993366;\">pass<\/span>&quot;<br \/>\nE..7|!@.v.&amp;&#8230;.&#8221;..b&#8230;.I&#8230;&#8230;.3P&#8230;_&#8230;<span style=\"color:#008000;\">USER<\/span> <span style=\"color:#ff0000;\"><strong>everyone<br \/>\n<\/strong><\/span>E..L.E..?&#8230;..b&#8230;.&#8221;.I&#8230;..3&#8230;.P.}x.0..331 <span 
style=\"color:#993366;\">Pass<\/span>word required for everyone<br \/>\nE..7|#@.v.&amp;&#8230;.&#8221;..b&#8230;.I&#8230;&#8230;.WP&#8230;V&#8230;<span style=\"color:#993366;\">PASS<\/span> <span style=\"color:#ff0000;\"><strong>everyone<\/strong><\/span><br \/>\nE..k.I..?&#8230;..b&#8230;.&#8221;.I&#8230;..W&#8230;.P.}x&#8230;.230-Welcome <span style=\"color:#008000;\">user<\/span> everyone@&lt;source IP address&gt; to 127.0.1.1 FTP server.<br \/>\nE..E.M..?&#8230;..b&#8230;.&#8221;.I&#8230;&#8230;&#8230;.P.}x&#8230;.230 <span style=\"color:#008000;\">User<\/span> everyone logged in<br \/>\nLet me break down the syntax.<br \/>\nsudo &#8211; runs tcpdump with superuser privileges; it is not necessary if you are already running as root.<br \/>\ntcpdump &#8211; the program name.<br \/>\n&#8220;-n&#8221; &#8211; do not resolve IP addresses to domain names; show the numeric addresses.<br \/>\n&#8220;-vvv&#8221; &#8211; display more packet detail on the screen.<br \/>\n&#8220;-i enp6s0&#8221; &#8211; run tcpdump on the enp6s0 interface only.<br \/>\n&#8220;-A&#8221; &#8211; display the packet in ASCII (think of it as human-readable form).<br \/>\n&#8220;-f &quot;port 2121&quot;&#8221; &#8211; capture only the packets related to port 2121 (this is my FTP server port).<br \/>\n&#8220;| grep -i &quot;<span style=\"color:#008000;\">user<\/span>\\|<span style=\"color:#993366;\">pass<\/span>&quot;&#8221; &#8211; filter the screen output down to the lines that contain either user or pass as a keyword.<br \/>\n&nbsp;<br \/>\nThis trick can be done with other non-encrypted network transfers as well. Hope this helps anyone who needs to recover their own password. Cheers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I always keep my frequently used files on my FTP server, and I have my password saved in the FTP client on my laptop as well. So when I needed to log in to my FTP server from another machine, I was like &#8220;hmm&#8230;. 
what was my password now?&#8221; Since FTP is [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1550,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[58,104,126,179,190],"class_list":["post-1549","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-ftp-en","tag-linux-en","tag-password-en","tag-tcpdump-en","tag-username-en"],"_links":{"self":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/1549","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1549"}],"version-history":[{"count":0,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/1549\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/media\/1550"}],"wp:attachment":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1549"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1549"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1549"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}