Re: Ncrack 0.01ALPHA released

[Toni Ruottu <toni.ruottu () iki fi>]

Here is a story about me taking my first steps with ncrack:

I try running ncrack with simply ./ncrack to get the help message.
"Usage: ncrack [Options] {target specification}" makes me think I only
need to define target specification, and everything else is optional.
However part labeled "TARGET SPECIFICATION" doesn't discus services.
So when I try running it against a local machine with ./ncrack
192.168.1.13 I get an error for not defining a service. After reading
service specification section I manage to define the service, and
ncrack starts happily cracking the box.

Then I decide I want to define a user name so ncrack does not need to
brute force both user name and password. I realize that my user names
are not too cryptic, and someone personally attacking me will probably
be able to guess them. I run "./ncrack" again to see how I could
define a user. All I find is option -U for reading user names from a
file. I do "echo mylogin > users" and run "./ncrack -U users
ssh://192.168.1.13". Now ncrack tells me I'm being inconsistent and
that I should set NCRACKDIR to . in order to be consistent. I think
there might be a collision and rename the file to users2. This doesn't
help, so I run "NCRACKDIR=. ./ncrack -U users2 ssh://192.168.1.13",
but the message does not go away. Then I notice the option for setting
data dir. So I try running "./ncrack --datadir . -U users2
ssh://192.168.1.13". This doesn't work either, so I give up and stop
trying.

This is roughly how my user experience went. I hope this helps
improving the tool.

  --Toni

On Mon, Aug 10, 2009 at 11:15 PM, ithilgore<ithilgore.ryu.l () gmail com> wrote:
> Hello nmap-dev!
>
> I am pleased to announce that the first ALPHA release of Ncrack has been
> published! This is meant for testing and bugfixing only, so there will be no
> public announcements outside of nmap-dev for now.
>
> Ncrack is a high-speed network authentication cracking tool and was designed
> using a modular approach, a command-line syntax similar to Nmap and a dynamic
> engine that can adapt its behaviour based on network feedback.
>
> Ncrack's features include a very flexible interface granting the user full
> control of network operations, allowing for very sophisticated bruteforcing
> attacks, timing templates for ease of use, runtime interaction similar to Nmap's
> and many more.
>
> Ncrack works on Linux, *BSD, Windows and Mac OS X and there are already Windows
> and Mac OS X installers out, as well as a unified source code tarball that
> compiles on all systems mentioned.
>
> You can find everything you need at:
> http://nmap.org/ncrack
>
> Also, make certain you read the man-page at:
> http://nmap.org/ncrack/man.html
>
> Of course, you can always download the latest svn source code like this:
> svn co --username guest --password "" \
> svn://svn.insecure.org/nmap-exp/ithilgore/ncrack
>
> This is also a call for testers to give Ncrack a try, report any problems found,
> comment on more features they might want and have a great time playing with it!
>
> Cheers,
> ithilgore
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org