Nmap Development mailing list archives

Re: RFC on Ncrack, A new network authentication cracker


From: Lionel Cons <lionel.cons () cern ch>
Date: Tue, 28 Apr 2009 13:27:00 +0200

Fyodor <fyodor () insecure org> writes:
> I'm proposing a new tool: Ncrack, and I'd love to get your feedback on
> it!

IMHO, this is a very good idea.

> o It needs to be faster than its competitors such as THC Hydra, Cain &
>   Abel, etc.  The speed should be quite tunable so you can specify a
>   slow rate for the times when that is desirable.

I would value more reliability (e.g. detecting a service that
temporarily blocks new attempts) rather than speed. Also, like Nmap,
it should have flexible timing and rate limiting options.

> o It needs to have great username and password lists.

I find this "out of scope". The question of which dictionaries to use
should be tool-independent. There are already many sources and several
good tools to generate yet more passwords (e.g. john --incremental).

However, Ncrack could somehow filter the raw source of passwords and
adapt it to the service it talks to. If the remote end does not care
about case, Ncrack should take this into account.

> o Ncrack needs to support the major authenticated protocols, such as
>   ssh, msrpc, http, imap, pop3, SNMP, telnet, ftp, etc.

I would add VNC and databases like LDAP, MS-SQL, MySQL, Oracle...

As Ithilgore pointed out, it should support some kind of module or
plugin mechanism so that services requiring specific libraries
(e.g. Oracle) can easily be built when the required libraries are
available.

I would also add that Ncrack should not re-invent Nmap's wheel and
rely on it to detect which services are available on which port.

Cheers,

Lionel

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
