Re: Ncrack HTTP Auth Success Detection

[online () singularidea org]

On 06/11/2014 02:58 AM, Joe Savage wrote:
> Hey,
>
> I've been using ncrack's HTTP module to bruteforce some HTTP Basic
> Authentication with a simple password dictionary, so I'm using a command
> such as the following:
>
> `ncrack --user username -P wordlist.txt http://domain.tld:port,path=/path/`
>
> The issue I'm having is that ncrack doesn't seem to be able to detect
> differences between password successes and failures - listing all the
> attempted user/pass combinations after the attack - as the server returns
> messages in both cases (one indicating failure, and the other being the
> password protected page). I know the message returned in cases of failure,
> but is there any way I can make ncrack aware of this so it can only output
> any password successes to me?
>
> I feel like I must be missing some obvious piece of functionality or
> something here, as the way I'm using the tool at current means I can
> get literally no use out of the HTTP module.
>
> Any help or advice would be appreciated. Thanks.
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/


If ncrack is outputting failures as errors you can separate with
redirecting.

ncrack --user username -P wordlist.txt
http://domain.tld:port,path=/path/ 2 > error.log

which will output all errors (2) to error.log and normal output (1) to
standard out. Can also redirect to /dev/null to simply discard all errors.

Disclaimer - I haven't personally used ncrack.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/