Nmap Development mailing list archives
Re: Ncrack suggestion.
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Thu, 25 Mar 2010 17:50:22 +0100
On 03/25/10 16:22, Richard Miles wrote:
Hello Nmap/Ncrack developers,

I tried Ncrack for the first time during this week, and I liked it. I would like to make two suggestions and maybe point out a small bug.

I used Ncrack to brute-force an SSHv2 service. It would be awesome if you could allow user and password to be read from a combo list, like Medusa does:

http://www.foofus.net/jmk/medusa/medusa.html

*Medusa allows host/username/password data to also be set using a "combo" file. The combo file can be specified using the "-C" option. The file should contain one entry per line and have the values colon separated in the format host:user:password. If any of the three fields are left empty, the respective information should be provided either as a global value or as a list in a file. Medusa will perform a basic parameter check based on the contents of the first line in the file.*

*The following combinations are possible in the combo file:*

- host:username:password
- host:username:
- host::
- :username:password
- :username:
- ::password
- host::password
That's something that could be easily implemented. We can note that down for our TODO list.
Another option should allow testing SSH brute force against different SSH servers in parallel, similar to the Medusa option -T.

-T [NUM] : Total number of hosts to be tested concurrently

It would make the SSHv2 much faster if you have multiple targets.
Ncrack already supports attacking multiple targets at the same time, without needing any particular command-line option. Just specify the hosts and services/ports you want, the way you do it with Nmap.
And using Ncrack with -v it works, however if we use -vv or -vvv (more verbose) it doesn't brute force, it shows the help again. Maybe a bug?
Yes, that is most likely a bug. I'll look into it.
Maybe with more verbose you could display the number of users tested? How many tests per minute?
You can do that interactively by pressing 'v' while Ncrack runs and it will display more output (or press 'V' to decrease it). It is more or less similar to the way Nmap works as far as interactive output is concerned. 'd' and 'D' also apply for more/less debugging output.
I really like Medusa, but it crashes a lot for SSH with the -T option, too bad. As I saw you implemented your own SSH lib, you probably can do it.
Indeed, implementing the OpenSSH library for Ncrack [1] has many advantages, but as I said above, attacking several targets at once is an inherent capability of Ncrack. You can even attack different services (e.g. an SSH service of one host, and an FTP service of another host) at the same time. See the man page for some examples.
That's all. Very nice tool. Thank you.
Cheers,
ithilgore

[1]. http://sock-raw.org/papers/openssh_library

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/