Re: telnet cracking using ncrack

[Martin T <m4rtntns () gmail com>]

D-Null,
if I try "sadsadafsadftestpass" as a password, then it's not accepted.
I forgot to mention, that switch itself is behind the TACACS+ server.
Maybe indeed only first 8 characters are counted..


regards,
martin

2011/10/6 D-Null <dellnull () gmail com>:
> Hi,
>
> What if you try: sadsadafsadftestpass ?
>
> I've seen this a long time ago (like in the stone-age) in a different kind
> of devide and another set of tools.
>
> In that case I also got a positive result with pass:12345678 but also with
> pass:123456789. So my conclusions was that the device itself just takes the
> first 8 chars and skips the rest.
>
> I really don't know about Cisco WS-C2950T-24 but it might have password
> length limited to 8 chars, therefor you got positives in both your case????
>
> 2011/10/5 Martin T <m4rtntns () gmail com>
> > Hello,
> > I tried ncrack on my Cisco WS-C2950T-24 switch. As you can see, port
> > 23(telnet) listens:
> >
> > <<<<<
> > [root@ ~]# nmap -np23 -PN --reason 10.10.10.1
> >
> > Starting Nmap 5.51 ( http://nmap.org ) at 2011-10-05 15:05 EEST
> > Nmap scan report for 10.10.10.1
> > Host is up, received user-set (0.020s latency).
> > PORT   STATE SERVICE REASON
> > 23/tcp open  telnet  syn-ack
> >
> > Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds
> > [root@ ~]#
> > > > > > >
> >
> > Telnet username "admin" and password "testpass" are valid and tested.
> > As I understand, ncrack discovers credentials:
> >
> > <<<<<
> > [root@ ~]# ncrack -v --user admin --pass testpass 10.10.10.1 -p telnet
> >
> > Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-10-05 15:05 EEST
> >
> > Discovered credentials on telnet://10.10.10.1:23 'admin' 'testpass'
> > telnet://10.10.10.1:23 finished.
> >
> > Discovered credentials for telnet on 10.10.10.1 23/tcp:
> > 10.10.10.1 23/tcp telnet: 'admin' 'testpass'
> >
> > Ncrack done: 1 service scanned in 3.00 seconds.
> > Probes sent: 1 | timed-out: 0 | prematurely-closed: 0
> >
> > Ncrack finished.
> > [root@ ~]#
> > > > > > >
> >
> >
> > ..but results are exactly the same if I specify for example wrong
> > password:
> >
> > <<<<<
> > [root@ ~]# ncrack -v --user admin --pass testpasssadsadafsadf
> > 10.10.10.1 -p telnet
> >
> > Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-10-05 15:46 EEST
> >
> > Discovered credentials on telnet://10.10.10.1:23 'admin'
> > 'testpasssadsadafsadf'
> > telnet://10.10.10.1:23 finished.
> >
> > Discovered credentials for telnet on 10.10.10.1 23/tcp:
> > 10.10.10.1 23/tcp telnet: 'admin' 'testpasssadsadafsadf'
> >
> > Ncrack done: 1 service scanned in 3.00 seconds.
> > Probes sent: 1 | timed-out: 0 | prematurely-closed: 0
> >
> > Ncrack finished.
> > [root@ ~]#
> > > > > > >
> >
> > Why ncrack accepts "testpasssadsadafsadf" as a valid password?
> >
> >
> > regards,
> > martin
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL
> > certificate.  We look at how SSL works, how it benefits your company and how
> > your customers can tell if a site is secure. You will find out how to test,
> > purchase, install and use a thawte Digital Certificate on your Apache web
> > server. Throughout, best practices for set-up are highlighted to help you
> > ensure efficient ongoing management of your encryption keys and digital
> > certificates.
> >
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------