Gostony McMullen, LLC
For those who like their code done right.

Dev Blog

Here is where you'll find musings about various tips & tricks our developers have used to make their lives easier.

Forgot saved FTP password?

posted Sep 29th 2011

If you use an FTP client that saves your password, you've probably forgotten that password. However, there's a way to find it out!

We're going to use tcpdump, a very useful UNIX program that lets you read raw TCP data. Mac and *nix users rejoice, it's already on your computer! Windows users, you may have to download Wireshark or another packet sniffer.

The first step is we need to find out what the name of our network adapter is, so fire up your terminal and type in ifconfig. You'll see something that looks like this:

lo0: flags=8049 mtu 16384

options=3

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1

inet 127.0.0.1 netmask 0xff000000

inet6 ::1 prefixlen 128

gif0: flags=8010 mtu 1280

stf0: flags=0<> mtu 1280

en0: flags=8863 mtu 1500

ether 58:55:ca:f9:29:cf

inet6 fe80::5a55:caff:fef9:29cf%en0 prefixlen 64 scopeid 0x4

inet 10.142.24.242 netmask 0xfffff800 broadcast 10.142.31.255

media: autoselect

status: active

You're looking for the one with the useful inet address - the one that looks like your IP. If you're behind a router it's probably going to be 192.168.*.* (here I have a public IP on en0). The keyword you want is the one with a few letters and a number; typically en0, en1, or something similar.

Now, issue this command:

sudo tcpdump -i en0 -A port 21 > data.txt

Be sure to replace en0 with your interface name. This tells tcpdump to scan on device en0; -A tells it to dump all the packet data; port 21 tells it to only listen to FTP data, and > data.txt routes the output to data.txt instead of just spamming your terminal.

While that's running, open up your FTP client and log into the FTP. Return to your terminal, type CTRL+C to stop the command, and then use your favorite text editor to open up data.txt. You're going to be searching for PASS xxx and where xxx will be your password in plain text!

Some of you will have alarms and bells going off in your head at how easy that was to sniff. The truth is... it is. FTP sends passwords in the clear and is extremely insecure for this matter. Using SFTP or other secure protocols to log into your server is a much more secure option, but some providers only provide FTP. In that case, you're stuck. If you're on a WPA2 network that should provide *most* of the security you need.

Made in the USA.