Nmap Development mailing list archives

Re: Ncrack suggestion.


From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Thu, 25 Mar 2010 17:50:22 +0100

On 03/25/10 16:22, Richard Miles wrote:
> Hello Nmap/Ncrack developers,
>
> I tried Ncrack for the first time during this week, and I liked it. I would
> like to make two suggestions and maybe point out a small bug.
>
> I did use Ncrack to brute-force an SSHv2 service. It would be awesome if you
> could allow the user and password to be read from a combo list, like Medusa does:
>
> http://www.foofus.net/jmk/medusa/medusa.html
>
> *Medusa allows host/username/password data to also be set using a "combo"
> file. The combo file can be specified using the "-C" option. The file should
> contain one entry per line and have the values colon separated in the format
> host:user:password. If any of the three fields are left empty, the
> respective information should be provided either as a global value or as a
> list in a file. Medusa will perform a basic parameter check based on the
> contents of the first line in the file.*
>
> *The following combinations are possible in the combo file:*
>
>    - host:username:password
>    - host:username:
>    - host::
>    - :username:password
>    - :username:
>    - ::password
>    - host::password

That's something that could be easily implemented. We can note that down for
our TODO list.


> Another option should allow testing SSH brute force against different SSH
> servers in parallel, similar to Medusa option -T.
>
>  -T [NUM]     : Total number of hosts to be tested concurrently
>
> It would make SSHv2 much faster if you have multiple targets.

Ncrack already supports attacking multiple targets at the same time, without
needing any particular command-line option. Just specify the hosts and services/ports
you want, the way you do it with Nmap.


> And using Ncrack with -v it works; however, if we use -vv or -vvv (more
> verbose) it doesn't brute force, it shows the help again. Maybe a bug?

Yes, that is most likely a bug. I'll look into it.


> Maybe with more verbosity you could display the number of users tested? How many
> tests per minute?

You can do that interactively by pressing 'v' while Ncrack runs and it will display
more output (or press 'V' to decrease it). It is more or less similar to the way Nmap
works as far as interactive output is concerned. 'd' and 'D' also apply for more/less
debugging output.


> I really like Medusa, but it crashes a lot for SSH with the -T option, too bad.
> As I saw you implemented your own SSH lib, you probably can do it.

Indeed, implementing the OpenSSH library for Ncrack [1] has many advantages, but
as I said above, attacking several targets at once is an inherent capability of
Ncrack. You can even attack different services (e.g. an SSH service on one host and an FTP
service on another host) at the same time. See the man page for some examples.


> That's all.
>
> Very nice tool.
>
> Thank you.

Cheers,
ithilgore



[1] http://sock-raw.org/papers/openssh_library
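A parser for the combo-file format quoted above, added here as an illustration (it is not code from Ncrack or Medusa). It follows the quoted description: empty fields fall back to caller-supplied global values, and the field shape of the first line is checked against every later line; splitting at most twice so a ':' inside a password survives is an assumption of this example, not something the thread states.

```python
from dataclasses import dataclass
from typing import Iterator, Optional

FIELDS = ("host", "user", "password")


@dataclass(frozen=True)
class Combo:
    host: str
    user: str
    password: str


class ComboFormatError(ValueError):
    """A line does not match the shape announced by the first line of the file."""


def parse_combo(text: str, host: Optional[str] = None, user: Optional[str] = None,
                password: Optional[str] = None) -> Iterator[Combo]:
    """Yield one Combo per data line; empty fields are filled from the global values."""
    globals_ = {"host": host, "user": user, "password": password}
    shape = None  # fields the file itself supplies, fixed by its first line
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blank and comment lines
            continue
        # split at most twice so a ':' inside the password survives (assumption, not in the thread)
        parts = line.split(":", 2)
        if len(parts) != 3:
            raise ComboFormatError(f"line {lineno}: expected host:user:password, got {raw!r}")
        fields = dict(zip(FIELDS, parts))
        present = tuple(k for k in FIELDS if fields[k])
        if shape is None:
            shape = present
            # parameter check on the first line: whatever it leaves empty must come from a global
            missing = [k for k in FIELDS if k not in shape and globals_[k] is None]
            if missing:
                raise ComboFormatError(f"file leaves {missing} empty and no global value was given")
        elif present != shape:
            raise ComboFormatError(f"line {lineno}: fields {present} differ from first line {shape}")
        yield Combo(**{k: fields[k] or globals_[k] for k in FIELDS})


def rejects(text: str, **globals_: str) -> bool:
    """True when parse_combo refuses the file; handy for validating an input list up front."""
    try:
        list(parse_combo(text, **globals_))
    except ComboFormatError:
        return True
    return False
```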

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
