Re: Ncrack --resume option

[ithilgore <ithilgore.ryu.l () gmail com>]

Michael Pattrick wrote:
> Hey ithilgore,
>
> Sorry for not reading the source code prior to sending this message,
> but why can’t you just store your current position in the
> username/password list? Do you try them out randomly?

That is not as easy as it sounds because:

1) Each target has its own set of pointers, so you need to store a pair of
pointers for each of them.

2) Ncrack uses a pool of username/password pairs to handle the case where an
authentication attempt is dropped before finishing, which means that that pair
has to be tried out again to achieve 100% accuracy. That pool is a dynamic
structure (actually an stl list) which needs to be saved as well for each of the
targets.

3) There are other dynamic parameters too, that will probably need to be stored
as well.

Other than that, most of the stuff could be recreated on the fly by parsing the
initial command line which will be stored in the state file.

-- ithilgore

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org