Re: Ncrack suggestion.

[Richard Miles <richard.k.miles () googlemail com>]

> > That's something that could be easily implemented. We can note that down
> for
> > our TODO list.
Very good, it will be very helpful.


> > Ncrack already supports attacking multiple targets at the same time,
> without
> > needing any particular command-line option. Just specify the hosts and
> services/ports
> > you want, the way you do it with Nmap.
Ok, but I'm brute forcing only SSHv2. How should I for example tell to
Ncrack test 3, 4 of 5 SSH servers in parallel ? I'm reading the SSH servers
from a list with -iL.


> > And using Ncrack with -v it works, however if we use -vv or -vvv (more
> > verbose) it doesn't brute force, it shows the help again. Maybe a bug?
>
> Yes, that is most likely a bug. I'll look into it.

Thanks.


> > You can do that interactively by pressing 'v' while Ncrack runs and it
> will display
> > more output (or press 'V' to decrease it). It is more or less similar to
> the way Nmap
> > works as far as interactive output is concerned. 'd' and 'D' also apply
> for more/less
> > debugging output.

Nice workaround. I will try it.

> > Indeed, implementing the OpenSSH library for Ncrack [1] has many
> advantages, but
> > as I said above, attacking several targets at once is an inherent
> capability of
> > Ncrack. You can even attack different services (e.g a SSH service of one
> host, and a FTP
> > service of another host) at the same time. See the man page for some
> examples.

I saw that on documentation.

Thanks for help.


> > That's all.
> >
> > Very nice tool.
> >
> > Thank you.
>
> Cheers,
> ithilgore
>
>
>
> [1]. http://sock-raw.org/papers/openssh_library
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/