Nmap Development mailing list archives

Re: [ncrack] Exclude accounts


From: ambarisha b <b.ambarisha () gmail com>
Date: Fri, 22 Apr 2011 02:00:19 +0530

Right. I think we should also have a command line parameter to
manually exclude user accounts along with an automatic way. It will
give finer control over which user accounts are tried. There might
be an account on the target box that I don't want to force or don't
want to get stuck at. Correct me if I am wrong, but the accounts are
tried in the order that they are listed. So, if I want to crack an
account that comes below one which I can afford to skip, I won't have
to wait. What do you say?

Cheers
Ambarisha

On Fri, Apr 22, 2011 at 1:03 AM, ithilgore - <ithilgore.ryu.l () gmail com> wrote:
> On Thu, Apr 21, 2011 at 9:10 PM, ambarisha b <b.ambarisha () gmail com> wrote:
>> Hi,
>>
>> With ncrack, is there a way to avoid trying out all the passwords on
>> the "anonymous" account for anonymous ftp? Perhaps, an option to exclude
>> some accounts?
>>
>> Ambarisha
>
> Hello Ambarisha.
> As of now there is no automatic way of excluding specific usernames or
> passwords, other than removing them explicitly from the equivalent
> list files. However, the task of handling specifically 'anonymous'
> accounts is already in the TODO list:
>
> * Handle username validation for services.  For example, if an FTP
>  server is anon only or if we enumerate SMB users, or some service
>  gives a user does not exist error, we should probably not waste time
>  trying to crack such users against those services.  We need to
>  figure out how this works when multiple services/hosts are being
>  cracked at the same time.
>
> Regards,
> ithilgore

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

