Nmap Development mailing list archives

Re: Password profiling in NSE


From: Fotis Hantzis <ithilgore.ryu.l () gmail com>
Date: Fri, 15 Apr 2016 13:48:48 +0300

Hello,
I have already discussed Ncrack being fed information by Nmap in this
thread:
http://seclists.org/nmap-dev/2015/q4/104

As far as your other point is concerned, Ncrack is still the best SSH and
RDP brute force cracker out there. These two protocols are extremely hard
to attack in their authentication, without replicating a large segment of
them. For example, the OpenSSH code was hacked to provide the necessary
hooks for Ncrack's socket layer (based on Nsock):
http://seclists.org/nmap-dev/2009/q3/428. As far as RDP is concerned, I
wrote the entire RDP packet exchange by hand and implemented pattern
matching in the packets for correctly identifying authentication success or
failure, since there was no official status code:
http://sock-raw.org/nmap-ncrack/ncrack.pdf

Ncrack's performance is currently higher than that allowed by NSE and Lua
(we have a task for this GSoC however to improve that) and it also features
a dynamic timing engine which adapts to network conditions. For example,
other cracking tools did a DoS attack on the services they were
brute-forcing while Ncrack adapted and cracked them successfully:
https://hackertarget.com/brute-forcing-passwords-with-ncrack-hydra-and-medusa/

Cheers,
ithilgore

On Fri, Apr 15, 2016 at 1:24 PM, Giacomo Mantani <giacomo.mantani () studio unibo it> wrote:

Gisle Vanem,

Ncrack could use the generated password list from the gathering stage,
as the other brute scripts mentioned by George do.

George, is it correct?

--

Giacomo Mantani

________________________________________
From: dev [dev-bounces () nmap org] on behalf of Gisle Vanem [gvanem () yahoo no]
Sent: Friday, April 15, 2016 11:15 AM
To: dev () nmap org
Subject: Re: Password profiling in NSE

George Chatzisofroniou wrote:

To implement the feature I created a new NSE library: pwdprofile. It
provides a method for the NSE scripts to pass any keywords to the
library (using NSE registry), mangling algorithms, as well as methods
for adding the generated wordlist to the passwords iterator used by
the brute force engine.

Nice work. But where does this leave Ncrack [1]?
Seems your work and the Lua interface in Nmap are better suited
for password cracking than Ncrack is. At the moment anyway.

[1] https://nmap.org/ncrack/
    https://github.com/nmap/ncrack

--
--gv
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
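The mechanism George describes above (keywords collected by scripts, run through mangling rules, then handed to the brute engine's password iterator), as an added illustration in Lua that is not code from the pwdprofile library, Nmap or Ncrack. The keywords, mangling rules and suffixes are constructed assumptions, and the iterator is a plain coroutine rather than a call into the NSE brute API; the final function turns the same generator into a defender's check of whether a chosen password would be found by such profiling.

```lua
local function mangle(word)
  -- Case variants plus a simple leet substitution (constructed rule set).
  local lower = word:lower()
  local cap = lower:sub(1, 1):upper() .. lower:sub(2)
  local leet = lower:gsub("a", "4"):gsub("e", "3"):gsub("o", "0"):gsub("i", "1")
  local variants = { lower, cap, lower:upper(), leet }
  -- Suffixes a profiler typically appends (constructed sample values).
  local suffixes = { "", "1", "123", "!", "2015", "2016" }
  local out = {}
  for _, v in ipairs(variants) do
    for _, s in ipairs(suffixes) do
      out[#out + 1] = v .. s
    end
  end
  return out
end

-- Coroutine-based iterator, the shape in which brute engines consume
-- candidate passwords one at a time; duplicates are suppressed.
local function keyword_iterator(keywords)
  return coroutine.wrap(function()
    local seen = {}
    for _, kw in ipairs(keywords) do
      for _, candidate in ipairs(mangle(kw)) do
        if not seen[candidate] then
          seen[candidate] = true
          coroutine.yield(candidate)
        end
      end
    end
  end)
end

-- Defensive use: does a chosen password fall inside the profiled
-- wordlist, i.e. would a keyword-based guesser find it?
local function derived_from_keywords(password, keywords)
  for candidate in keyword_iterator(keywords) do
    if candidate == password then return true end
  end
  return false
end

-- Constructed keywords of the kind an NSE script might gather from a host's
-- web pages; the checks below exercise the capitalisation and leet rules.
local keywords = { "acme", "widgets" }
print(derived_from_keywords("Acme2016", keywords))
print(derived_from_keywords("4cm3!", keywords))
print(derived_from_keywords("correct horse battery", keywords))
```

Run with a standalone Lua interpreter; the first two checks report true and the third false, since only keyword-derived passwords are reachable through the mangling rules.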