Security Basics mailing list archives

telnet cracking using ncrack


From: Martin T <m4rtntns () gmail com>
Date: Wed, 5 Oct 2011 16:00:36 +0300

Hello,
I tried ncrack on my Cisco WS-C2950T-24 switch. As you can see, port
23 (telnet) is listening:

<<<<<
[root@ ~]# nmap -np23 -PN --reason 10.10.10.1

Starting Nmap 5.51 ( http://nmap.org ) at 2011-10-05 15:05 EEST
Nmap scan report for 10.10.10.1
Host is up, received user-set (0.020s latency).
PORT   STATE SERVICE REASON
23/tcp open  telnet  syn-ack

Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds
[root@ ~]#


Telnet username "admin" and password "testpass" are valid and tested.
As I understand, ncrack discovers credentials:

<<<<<
[root@ ~]# ncrack -v --user admin --pass testpass 10.10.10.1 -p telnet

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-10-05 15:05 EEST

Discovered credentials on telnet://10.10.10.1:23 'admin' 'testpass'
telnet://10.10.10.1:23 finished.

Discovered credentials for telnet on 10.10.10.1 23/tcp:
10.10.10.1 23/tcp telnet: 'admin' 'testpass'

Ncrack done: 1 service scanned in 3.00 seconds.
Probes sent: 1 | timed-out: 0 | prematurely-closed: 0

Ncrack finished.
[root@ ~]#



...but the results are exactly the same if I specify, for example, a wrong password:

<<<<<
[root@ ~]# ncrack -v --user admin --pass testpasssadsadafsadf 10.10.10.1 -p telnet

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-10-05 15:46 EEST

Discovered credentials on telnet://10.10.10.1:23 'admin' 'testpasssadsadafsadf'
telnet://10.10.10.1:23 finished.

Discovered credentials for telnet on 10.10.10.1 23/tcp:
10.10.10.1 23/tcp telnet: 'admin' 'testpasssadsadafsadf'

Ncrack done: 1 service scanned in 3.00 seconds.
Probes sent: 1 | timed-out: 0 | prematurely-closed: 0

Ncrack finished.
[root@ ~]#


Why does ncrack accept "testpasssadsadafsadf" as a valid password?


regards,
martin
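
A control check for results like the two runs above, as an added example (not part of the original post and not ncrack's own code): it parses ncrack's summary lines and flags any account for which a deliberately wrong control password, or more than one password, is reported as valid. The function names and the control-password approach are assumptions of this example; the sample output is copied from the post.

```python
import re
from collections import defaultdict

# Summary line format as printed in the post: 10.10.10.1 23/tcp telnet: 'admin' 'testpass'
SUMMARY_RE = re.compile(
    r"^(?P<host>\S+) (?P<port>\d+)/(?P<proto>tcp|udp) (?P<service>[\w-]+): "
    r"'(?P<user>[^']*)' '(?P<password>[^']*)'$"
)
# Sample input: summary sections copied from the two runs in the post.
RUN_VALID = """Discovered credentials for telnet on 10.10.10.1 23/tcp:
10.10.10.1 23/tcp telnet: 'admin' 'testpass'
"""
RUN_WRONG = """Discovered credentials for telnet on 10.10.10.1 23/tcp:
10.10.10.1 23/tcp telnet: 'admin' 'testpasssadsadafsadf'
"""

def parse_hits(output):
    """Return (host, port, service, user, password) tuples from ncrack output."""
    hits = []
    for line in output.splitlines():
        m = SUMMARY_RE.match(line.strip())
        if m:
            hits.append((m["host"], int(m["port"]), m["service"],
                         m["user"], m["password"]))
    return hits

def unreliable_targets(runs, control_passwords=()):
    """Flag accounts whose 'discovered' results cannot all be trusted.

    runs: ncrack output texts; control_passwords: passwords known to be wrong.
    """
    seen = defaultdict(set)
    for output in runs:
        for host, port, service, user, password in parse_hits(output):
            seen[(host, port, service, user)].add(password)
    flagged = {}
    for key, passwords in seen.items():
        if passwords & set(control_passwords):
            flagged[key] = "control password reported valid"
        elif len(passwords) > 1:
            flagged[key] = "multiple passwords reported valid"
    return flagged

if __name__ == "__main__":
    for key, why in unreliable_targets([RUN_VALID, RUN_WRONG]).items():
        print(key, "->", why)
```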
