Re: RFC on Ncrack, A new network authentication cracker

[Joao Correa <joao () livewire com br>]

I'm sure it is a great idea. I also suffer with the lack of options when
trying to brute-force something.
I probably can help with testing it on Mac OS X.

I think that the feature of resuming a brute force from a interrupted
session is very important, since sometimes it is impossible to run the full
test at once.

Also the feature of using data mining and machine learning would be great.
Many users have the same user/pass for different services (and, as
mentioned, sometimes different services use the same auth backend). This
could also provide a way of learning which of the passwords are the most
used and, before a good number of tests, these most used passwords could be
attempted first.

Ncrack could also share statistical information (with user's consent, of
course) for improving machine learn.

--

João B. Correa

On Tue, Apr 28, 2009 at 9:31 PM, Corey Chandler <lists () sequestered net>wrote:

> jah wrote:
>
> >  Ncrack
> > should definitely ship with a quality list (and if someone decided to
> > spend the summer "Cracking the Internet" the list could have frequency
> > data (like nmap-services) too).
> Unfortunately that person would likely be either in federal prison, or
> detained as an enemy combatant. :-p
>
> Portscanning is technically not illegal; brute force attacks most assuredly
> are.
>
> --
> Corey Chandler / KB1JWQ
> Living Legend / Systems Exorcist
> Today's Excuse: The POP server is out of Coke
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org