Nmap Development mailing list archives
Re: Ncrack --resume option
From: David Fifield <david () bamsoftware com>
Date: Tue, 4 Aug 2009 13:46:13 -0600
On Fri, Jul 31, 2009 at 03:59:46PM +0300, ithilgore wrote:
Now, supporting the same thing in Ncrack is fairly easy, since parsing that information from the log files isn't much work. However, Ncrack is of different nature and a better approach would be to able to continue from almost the exact moment that Ncrack was stopped. This means that if a host had half the username/password list completed at the time Ncrack is closed, then Ncrack will continue from cracking the rest of the half username/password list when restarted with the --resume option. This provides maximum flexibility in our scans, however the implementation now gets a lot more complex. To be able to attain that level of state retrieval, Ncrack will have to dump nearly all current information into a separate special file (which can be binary or text) and then reparse it when it is resumed. Since, most of that information is inside Ncrack's different Classes and that involves a lot of dynamic memory (in addition to STL lists and vectors) it would require an Object Serialization scheme.
Is that really so? How much state do you need? You will need to know the original credentials list, the order in which it was being traversed, and the number of times each authentication pair has been tried that hasn't reached its maximum. You could even throw out the counts and simply start from scratch any auth pair that hadn't been finished completely. I have probably missed some things. I think it you help if you made a list of exactly what information is needed to restore a cracking session. What do other password cracking programs do to store state? Even if it takes a long time (tens of seconds) to rebuild internal data structures from a little bit of saved state, that will be peanuts in any cracking session long enough to make --resume necessary. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncrack --resume option ithilgore (Jul 31)
- Re: Ncrack --resume option Henri Salo (Jul 31)
- Re: Ncrack --resume option joewoe (Aug 04)
- Re: Ncrack --resume option Michael Pattrick (Aug 04)
- Re: Ncrack --resume option ithilgore (Aug 04)
- Re: Ncrack --resume option David Fifield (Aug 04)
- Re: Ncrack --resume option ithilgore (Aug 04)
- Re: Ncrack --resume option David Fifield (Aug 04)