Nmap Development mailing list archives

Re: Ncrack Bug report


From: David Fifield <david () bamsoftware com>
Date: Mon, 7 Feb 2011 01:01:48 -0800

On Sun, Feb 06, 2011 at 10:44:00PM +0200, ithilgore - wrote:
> On Sun, Feb 6, 2011 at 6:57 PM, Cornelius Krasel
> <cornelius.krasel () web de> wrote:
> > Hi,
> >
> > I am trying to retrieve the admin password from our own Cisco WRT54GL
> > using the latest ncrack binary for Windows.
> >
> > %---snip---
> >
> > $Windows XP> ncrack -vvvv --user admin http://192.168.1.1
> >
> > Starting Ncrack 0.3ALPHA ( http://ncrack.org/ ) at 2011-02-06 17:09 Westeuropäische Normalzeit
> >
> > Rate: 31.74; Found: 0; About 77.07% done; ETC: 17:10 (00:00:24 remaining)
> >
> > Strange connect error from 192.168.1.1 (10048): No such file or directory
> >
> > Assertion failed: 0, file .\src\nsock_core.c, line 404
> >
> > This application has requested the Runtime to terminate it in an unusual way.
> >
> > Please contact the application's support team for more information.
> >
> > %---snip---
> >
> > Repeating the command, ncrack always fails at around the same space
> > covered (77.79%, 76.65%), which makes me think that ncrack has
> > discovered the right password but fails on the reply of the router.
> > If I mess around with the timing by using "ncrack -T2", the program
> > fails immediately with the same error message. With "ncrack -T1" or
> > "ncrack -T0" the program just stops without producing any result,
> > apparently not having scanned any space. "-T3" seems to be identical
> > with no options; "-T4" and "-T5" fail at around 72%. Any help would
> > be greatly appreciated because I don't want to reset the router :-).
> > Cornelius.
>
> Hello,
> it would be helpful if we could take a look at a tcpdump/wireshark
> dump file near the moment that the termination happens. The error you
> get is something that is printed by Nsock, the socket library that
> Ncrack uses.
>
> Inspecting the relevant source code points out to the fact that this
> is an error that occurs whenever a connection status return code can't
> be handled by Nsock. Perhaps David could shed some light if he has
> encountered this kind of situation before.

I don't know why it's saying "No such file or directory". A web search
shows that errno 10048 is WSAEADDRINUSE, "Address in use". Maybe sockets
are getting reused without being freed?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

