Comments on: Go hack yourself – recovering your FTP password

By: chip

chip — Fri, 12 Feb 2010 08:39:30 +0000

don’t open the FTP once you login out of theserver!
the question of the spam protection is automatically typed. I am using google chrome here

By: wiserx

wiserx — Wed, 23 Dec 2009 09:29:02 +0000

I felt shocked while testing the network analysis tool. I think it’s better to know if any other methods like this exists.

Thank you for this useful article.

By: pac

pac — Tue, 23 Jun 2009 23:46:11 +0000

i need an hacker in my life coz easyly forget things & mostly they are valuable to me so someone should plz contact me..

By: AskApache

AskApache — Thu, 09 Apr 2009 11:41:13 +0000

Great write up! People that know this stuff take it for granted that everyone else does, its shocking to see how easy it can be done.

By: mark dacol

mark dacol — Tue, 17 Mar 2009 22:41:25 +0000

Hi there John,
Downloaded Wireshark today. it works just like ethereal i guess. Early on your article you made an impression of “recovering old and forgotten passwords”. Was it not the point of the article? Let me know.

Great article,
thanks.

By: Yura

Yura — Wed, 17 Dec 2008 14:43:25 +0000

Thanks for the useful tip. Wouldn’t it be simply enough to login to your hosting account and change it? Or this tip is for super-l33t hax0rs only?

By: John Mueller

John Mueller — Tue, 05 Aug 2008 09:12:24 +0000

Hi Gab, the spam protection is pre-entered because it still seems to work that way – why make it more complicated than is necessary . If I notice that I get too many spammy comments, I might change it again, but for the meantime, it hasn’t brought more spam, so I’m happy with it like that.

By: Ford

Ford — Tue, 05 Aug 2008 09:06:52 +0000

Hi. I am a hacker. I can get you a password (aol, myspace, facebook, msn/hotmail,yahoo..etc). I do charge a fee for a password. Once i get the password i’ll show you proof i have it. Are you interested? please email me at fordf[edited]@yahoo.com

By: Gab Goldenberg

Gab Goldenberg — Tue, 08 Jul 2008 19:16:05 +0000

1) That was an awesome explanation even a non-techie like myself can understand.
2) Why is the spam protection pre-entered?

By: Adam Moro

Adam Moro — Wed, 30 Apr 2008 18:54:34 +0000

Well thanks a lot John. I was up ALL night playing with Backtrack and as a result am now in the dreaded doghouse with my girlfriend. Just kidding obviously. Thanks for the tip, as always, it’s a great one. I assume you’re a Linux ftw kind of guy. Which distro’s your favorite? Not sure if that makes sense (I just recently emerged myself into the world of Linux…yep, Ubuntu it was) so in other words, do you prefer say Gentoo over Fedora or another one? I almost didn’t ask because a friend of mine laughed at me when I asked him that question and told me he uses his own version of Linux. I assume that has something to do with compiling the kernal and adding the desktop environments and such manually…that scares the begeezus out of me so I’m wondering what the more simple answer would be.

By: John Mueller

John Mueller — Sun, 27 Apr 2008 12:03:51 +0000

Adam, if you’re running Linux you can do the same thing for free (there are even Linux versions that run off of a CD which do the same, eg “Backtrack”, you don’t even have to set up a computer to use them). With a little know-how you can not only access unprotected networks, but also WEP encrypted wireless networks. Many public access points are not encrypted, which would allow anyone to listen in when you sign in for email or if you need to make a last-minute website update via FTP .

The easy way to protect yourself is to use more secure protocols like HTTPS when signing in for your webmail account or sFTP instead of FTP . Gmail supports HTTPS, I’m pretty sure the others do too.

By: Adam Moro

Adam Moro — Sun, 27 Apr 2008 04:16:34 +0000

Wow, I finally gave this a try. Even more scary… http://www.cacetech.com/products/airpcap_family.htm. $200 bucks and an unsecured wireless connection is all someone needs to get OTHER people’s passwords. You made me reconsider my whole password convention because of this, John! Thanks again!

By: Adam Moro

Adam Moro — Wed, 26 Mar 2008 18:39:13 +0000

“Even if your FTP (or email) client encrypts passwords in the settings, they can still be read with the right tools.”

Sounds like ultimately there will always be a risk for those who don’t know how to use the right tools. Scary. Thanks for the great info, John!