Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [ncrack] Exclude accounts

From: ithilgore - <ithilgore.ryu.l () gmail com>
Date: Thu, 21 Apr 2011 22:33:29 +0300
On Thu, Apr 21, 2011 at 9:10 PM, ambarisha b <b.ambarisha () gmail com> wrote:

Hi,

With ncrack, is there a way to avoid trying out all the passwords on
"anonymous" account for anonymous ftp? Perhaps, an option to exclude
some accounts?

Ambarisha



Hello Ambarisha.
As of now there is no automatic way of excluding specific usernames or
passwords, other than removing them explicitly from the equivalent
list files. However, the task of handling specifically 'anonymous'
accounts is already in the TODO list:

* Handle username validation for services.  For example, if an FTP
  server is anon only or if we enumerate SMB users, or some service
  gives a user does not exist error, we should probably not waste time
  trying to crack such users against those services.  We need to
  figure out how this works when multiple services/hosts are being
  cracked at the same time.



Regards,
ithilgore
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: