Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ncrack suggestion.

From: Richard Miles <richard.k.miles () googlemail com>
Date: Sun, 28 Mar 2010 15:44:04 -0500
Hi!

I found the problem. The linux kernel is killing Ncrack because it start to
eat so much memory, when it arrives near to 97% the linux kernel kill Ncrack
process to keep the Linux integrity.

I confirmed it looking at top command, it start with a few memory allocated,
but in a few minutes it start to eat, eat and eat more memory and never
release it.

The strange is that I was not using big wordlists, I was using the smallest
provided with Ncrack. I created a user wordlist with 5 entries and a
password wordlist with 10 entries and it worked fine - confirming the
problem.

I don't have idea why Ncrack eats so much memory, but for sure it make it
unusable in my cases like old machines, in virtual machines, embedded
devices, etc.

Should be very nice if you could do some workaround to make Ncrack work with
a normal memory allocation as all other applications, since Ncrack appears
as a promisor cracking tool.

Thank you

On Sat, Mar 27, 2010 at 11:25 PM, Richard Miles <
richard.k.miles () googlemail com> wrote:



Hi!



Can you rerun Ncrack with a -d10 switch so that we can see some debugging
output? Most probably, it's the famous SSHv1-not-supported-yet 'bug'. I
have already started working on it.




I think it's not the problem. I checked and all my ssh servers are only
supporting version 2. Below is the output, for me doesn't appear to have any
strange thing...

ssh://192.168.64.5:22 Pool: extract operator 12345

ssh://192.168.64.5:22 Initiating new Connection

ssh://192.168.64.5:22 pushed to list FULL

ssh://192.168.64.5:22 Pool: Append sysadm 12345

ssh://192.168.64.5:22 closed on us in the middle of authentication!

ssh://192.168.64.5:22 Connection closed by peer

ssh://192.168.64.5:22 Dropping connection limit due to connection error
to: 7

ssh://192.168.64.5:22 popped from list FULL

ssh://192.168.64.5:22 Attempts: total 569 completed 151 supported 2 ---
rate 8.20

ssh://192.168.64.5:22 Pool: extract cisco 12345

ssh://192.168.64.5:22 Initiating new Connection

ssh://192.168.64.5:22 pushed to list FULL

ssh://192.168.64.4:22 Pool: Append tech 111111

ssh://192.168.64.4:22 closed on us in the middle of authentication!

ssh://192.168.64.4:22 Connection closed by peer

ssh://192.168.64.4:22 Dropping connection limit due to connection error
to: 7

ssh://192.168.64.4:22 Attempts: total 665 completed 238 supported 2 ---
rate 7.19

ssh://192.168.64.5:22 Pool: Append postmaster 12345

ssh://192.168.64.5:22 closed on us in the middle of authentication!

ssh://192.168.64.5:22 Connection closed by peer

ssh://192.168.64.5:22 Dropping connection limit due to connection error
to: 7

ssh://192.168.64.5:22 popped from list FULL

ssh://192.168.64.5:22 Attempts: total 570 completed 151 supported 2 ---
rate 4.61

ssh://192.168.64.5:22 Pool: extract isp 12345

ssh://192.168.64.5:22 Initiating new Connection

ssh://192.168.64.5:22 pushed to list FULL

ssh://192.168.68.11:22 Login failed: tiger 654321

ssh://192.168.68.11:22 last: 0.00 current 0.00 parallelism 7

ssh://192.168.68.11:22 Increasing connection limit to: 10

ssh://192.168.68.11:22 Pool: Removed tiger 654321

ssh://192.168.68.11:22 Pool: extract sysadmin qazwsx

ssh://192.168.67.84:22 Login failed: adm qazwsx

ssh://192.168.67.84:22 last: 0.00 current 0.00 parallelism 10

ssh://192.168.67.84:22 Increasing connection limit to: 13

ssh://192.168.67.84:22 Pool: Removed adm qazwsx

ssh://192.168.67.84:22 popped from list FULL

ssh://192.168.67.84:22 Initiating new Connection

ssh://192.168.67.84:22 Initiating new Connection

ssh://192.168.67.84:22 Initiating new Connection

ssh://192.168.67.84:22 pushed to list FULL

ssh://192.168.67.84:22 Login failed: tech qazwsx

ssh://192.168.67.84:22 last: 0.00 current 0.00 parallelism 13

ssh://192.168.67.84:22 Increasing connection limit to: 16

ssh://192.168.67.84:22 popped from list FULL

ssh://192.168.67.84:22 Initiating new Connection

ssh://192.168.67.84:22 Initiating new Connection

ssh://192.168.67.84:22 Initiating new Connection

ssh://192.168.67.84:22 pushed to list FULL

ssh://192.168.33.8:22 Login failed: administrator qazwsx

ssh://192.168.33.8:22 last: 0.00 current 0.00 parallelism 13

ssh://192.168.33.8:22 Increasing connection limit to: 16

ssh://192.168.33.8:22 popped from list FULL

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 pushed to list FULL

ssh://192.168.33.8:22 Login failed: webadmin qazwsx

ssh://192.168.33.8:22 last: 0.00 current 0.00 parallelism 16

ssh://192.168.33.8:22 Increasing connection limit to: 19

ssh://192.168.33.8:22 popped from list FULL

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 pushed to list FULL

ssh://192.168.33.8:22 Login failed: sysadmin qazwsx

ssh://192.168.33.8:22 last: 0.00 current 0.00 parallelism 19

ssh://192.168.33.8:22 Increasing connection limit to: 22

ssh://192.168.33.8:22 popped from list FULL

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 Initiating new Connection

ssh://192.168.33.8:22 pushed to list FULL

ssh://192.168.33.8:22 Login failed: netadmin qazwsx

ssh://192.168.33.8:22 last: 0.00 current 0.00 parallelism 22

ssh://192.168.33.8:22 Increasing connection limit to: 25

ssh://192.168.33.8:22 popped from list FULL

ssh://192.168.33.8:22 Initiating new Connection

Killed

Any idea why it's happening?

Thanks.




Regards,
ithilgore





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: