Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ncrack --resume option

From: David Fifield <david () bamsoftware com>
Date: Tue, 4 Aug 2009 13:46:13 -0600
On Fri, Jul 31, 2009 at 03:59:46PM +0300, ithilgore wrote:

Now, supporting the same thing in Ncrack is fairly easy, since parsing
that information from the log files isn't much work. However, Ncrack
is of different nature and a better approach would be to able to
continue from almost the exact moment that Ncrack was stopped. This
means that if a host had half the username/password list completed at
the time Ncrack is closed, then Ncrack will continue from cracking the
rest of the half username/password list when restarted with the
--resume option.

This provides maximum flexibility in our scans, however the
implementation now gets a lot more complex. To be able to attain that
level of state retrieval, Ncrack will have to dump nearly all current
information into a separate special file (which can be binary or text)
and then reparse it when it is resumed. Since, most of that
information is inside Ncrack's different Classes and that involves a
lot of dynamic memory (in addition to STL lists and vectors) it would
require an Object Serialization scheme.


Is that really so? How much state do you need? You will need to know the
original credentials list, the order in which it was being traversed,
and the number of times each authentication pair has been tried that
hasn't reached its maximum. You could even throw out the counts and
simply start from scratch any auth pair that hadn't been finished
completely.

I have probably missed some things. I think it you help if you made a
list of exactly what information is needed to restore a cracking
session. What do other password cracking programs do to store state?

Even if it takes a long time (tens of seconds) to rebuild internal data
structures from a little bit of saved state, that will be peanuts in any
cracking session long enough to make --resume necessary.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: