Nmap Development mailing list archives
Re: Password profiling in NSE
From: Fotis Hantzis <ithilgore.ryu.l () gmail com>
Date: Fri, 15 Apr 2016 13:48:48 +0300
Hello,

I have already discussed Ncrack being fed information by Nmap in this thread: http://seclists.org/nmap-dev/2015/q4/104

As far as your other point is concerned, Ncrack is still the best SSH and RDP brute force cracker out there. These two protocols are extremely hard to attack in their authentication without replicating a large segment of them. For example, the OpenSSH code was hacked to provide the necessary hooks for Ncrack's socket layer (based on Nsock): http://seclists.org/nmap-dev/2009/q3/428

As far as RDP is concerned, I wrote the entire RDP packet exchange by hand and implemented pattern matching in the packets for correctly identifying authentication success or failure, since there was no official status code: http://sock-raw.org/nmap-ncrack/ncrack.pdf

Ncrack's performance is currently higher than that allowed by NSE and Lua (we have a task for this GSoC, however, to improve that), and it also features a dynamic timing engine which adapts to network conditions. For example, other cracking tools did a DoS attack on the services they were brute-forcing, while Ncrack adapted and cracked them successfully: https://hackertarget.com/brute-forcing-passwords-with-ncrack-hydra-and-medusa/

Cheers,
ithilgore

On Fri, Apr 15, 2016 at 1:24 PM, Giacomo Mantani <giacomo.mantani () studio unibo it> wrote:
Gisle Vanem, Ncrack could use the generated password list from the gathering stage, as the other brute scripts mentioned by George do. George, is it correct?

--
Giacomo Mantani

________________________________________
From: dev [dev-bounces () nmap org] on behalf of Gisle Vanem [gvanem () yahoo no]
Sent: Friday, April 15, 2016 11:15 AM
To: dev () nmap org
Subject: Re: Password profiling in NSE

George Chatzisofroniou wrote:
> To implement the feature I created a new NSE library: pwdprofile. It provides a method for the NSE scripts to pass any keywords to the library (using the NSE registry), mangling algorithms, as well as methods for adding the generated wordlist to the passwords iterator used by the brute force engine.

Nice work. But where does this leave Ncrack [1]? It seems your work and the Lua interface in Nmap are better suited for password cracking than Ncrack is. At the moment anyway.

[1] https://nmap.org/ncrack/
    https://github.com/nmap/ncrack

--
--gv
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/