Nmap Development mailing list archives
Re: Ncrack discussion
From: Dnucna <dnucna () gmail com>
Date: Fri, 15 May 2009 09:46:44 +0200
I have many thoughts about Ncrack.

About HTTP, how do you choose if you want to crack basic authentication, .htaccess or a web form? And what if you want to crack two different web forms in a row?

Are all the protocols using the same login list and password list (and community list)? Why not, but the lists are not exactly the same. You will try "anonymous" on every FTP of course, but you will try "anonymous" on snmp, telnet, ssh, ...

In fact the only cracker that wants to crack different protocols at the same time is ciscotorch. If I am right, Hydra and Medusa crack only one protocol.

I have no idea about the Ncrack command line except that it must take the XML from nmap as input.

Best regards,
Dnucna

2009/5/14 <doug () hcsw org>
> On Thu, May 14, 2009 at 09:46:38PM +0100 or thereabouts, jah wrote:
>> On 14/05/2009 21:27, ithilgore wrote:
>>> However, using brackets will involve having to escape them in most
>>> shells. Since we want to avoid that, another character might be more
>>> appropriate. What about using slashes?
>>
>> I suggested brackets because Nmap allows their use in port
>> specification: nmap -p [-1024] to mean (in this case) TCP ports listed
>> in nmap-services up-to and including port 1024.
>
> How the [] modifiers interact with --top-ports and --port-ratio is
> described in this message:
>
> http://seclists.org/nmap-dev/2007/q2/0224.html
>
> To the best of my knowledge it is accurate to the current version of
> Nmap (except for "PROPOSED FURTHER EXTENSION"). Although mostly obsoleted
> by port ratios, the square bracket syntax is still necessary to implement
> -F on systems with only /etc/services (and not a recent nmap-services).
>
>> I wasn't aware that they might need to be escaped.
>
> In bash and ksh square brackets don't usually need to be escaped. The
> only cases I can think of involve the test operator:
>
> doug@eclipse:~$ if [ 1 == 1 ] ; then echo hi ; fi
> hi
> doug@eclipse:~$ if [ 1 == 0 ] ; then echo hi ; fi
> doug@eclipse:~$
>
> But this only takes effect if [ is written by itself and only in certain
> contexts. TRIVIA: on many older unix systems /bin/[ was a symlink to
> /bin/test for this purpose.
>
> I can't remember tcsh well enough to say what the conflicts are but it
> looks like escaping IS necessary there:
>
> eclipse:~> ls [-1024]
> ls: No match.
> eclipse:~> ls \[-1024\]
> ls: cannot access [-1024]: No such file or directory
>
> Please forgive my spotty shell scripting knowledge but I switched to
> perl and never looked back. ;)
>
> Best,
>
> Doug
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
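Added example (not part of the original messages or of Nmap/Ncrack): a POSIX shell sketch of the bracket question in the quoted discussion. An unquoted [-1024] is a glob character class in sh/bash as well, so it reaches the program unchanged only while no file in the current directory has a one-character name from that class. The function names and scratch directories are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration, not code from the thread.
# Shows the argv a program receives for an unquoted vs. quoted [-1024].

# Print every argument wrapped in <>, the way the called program sees them.
show_args() {
    printf '<%s>' "$@"
    echo
}

# Pass the UNQUOTED port spec while the current directory is $1.
# Pathname expansion happens here, at call time, inside the subshell.
unquoted_in() {
    ( cd "$1" && show_args -p [-1024] )
}

# Same call with the port spec quoted, so the shell never globs it.
quoted_in() {
    ( cd "$1" && show_args -p '[-1024]' )
}

# Constructed scratch directories: one empty, one holding a file named "1",
# which the character class [-1024] (any of - 1 0 2 4) matches.
demo_setup() {
    DEMO_ROOT=$(mktemp -d)
    mkdir "$DEMO_ROOT/empty" "$DEMO_ROOT/withfile"
    : > "$DEMO_ROOT/withfile/1"
}

demo_cleanup() {
    rm -rf "$DEMO_ROOT"
}

demo_setup
printf 'empty dir, unquoted:     '; unquoted_in "$DEMO_ROOT/empty"
printf 'file "1" present, bare:  '; unquoted_in "$DEMO_ROOT/withfile"
printf 'file "1" present, quoted:'; quoted_in "$DEMO_ROOT/withfile"
demo_cleanup
```

In a script or a shared working directory, quoting the bracketed port spec keeps the scanned port set independent of whatever files happen to exist there.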