Nmap Development mailing list archives
Re: Ncrack 0.01ALPHA released
From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Tue, 11 Aug 2009 03:17:37 +0300
Toni Ruottu wrote:
Here is a story about me taking my first steps with ncrack: I try running ncrack with simply ./ncrack to get the help message. "Usage: ncrack [Options] {target specification}" makes me think I only need to define target specification, and everything else is optional. However part labeled "TARGET SPECIFICATION" doesn't discus services. So when I try running it against a local machine with ./ncrack 192.168.1.13 I get an error for not defining a service. After reading service specification section I manage to define the service, and ncrack starts happily cracking the box.
Probably, the usage line should be changed to explicitly mention that a service specification is needed, though I think that it is fairly obvious since Ncrack is not a port scanner and specifically needs some particular service (or services) to attack.
Then I decide I want to define a user name so ncrack does not need to brute force both user name and password. I realize that my user names are not too cryptic, and someone personally attacking me will probably be able to guess them. I run "./ncrack" again to see how I could define a user. All I find is option -U for reading user names from a file. I do "echo mylogin > users" and run "./ncrack -U users ssh://192.168.1.13". Now ncrack tells me I'm being inconsistent and that I should set NCRACKDIR to . in order to be consistent.
The message displayed lets Ncrack continue to run though. Running it as ./ncrack -U ./users would be enough to stop that message from appearing. However, indeed some changes should be made so that the message is more clear and not displayed when it shouldn't. Thanks for spotting that.
I think there might be a collision and rename the file to users2. This doesn't help, so I run "NCRACKDIR=. ./ncrack -U users2 ssh://192.168.1.13", but the message does not go away. Then I notice the option for setting data dir. So I try running "./ncrack --datadir . -U users2 ssh://192.168.1.13". This doesn't work either, so I give up and stop trying.
Actually, I just tried running it the way you did, and it runs normally with the -U users file taken from the current directory with no problem. The misleading thing in this whole situation was that Warning message, which will now be changed to account for this case. Thanks for your comments. Regards, ithilgore _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Ncrack 0.01ALPHA released ithilgore (Aug 10)
- Re: Ncrack 0.01ALPHA released Toni Ruottu (Aug 10)
- Re: Ncrack 0.01ALPHA released ithilgore (Aug 10)
- Re: Ncrack 0.01ALPHA released ithilgore (Aug 10)
- Re: Ncrack 0.01ALPHA released ithilgore (Aug 10)
- Re: Ncrack 0.01ALPHA released Toni Ruottu (Aug 10)
- Re: Ncrack 0.01ALPHA released ithilgore (Aug 10)
- Re: Ncrack 0.01ALPHA released ithilgore (Aug 10)
- Re: Ncrack 0.01ALPHA released Toni Ruottu (Aug 10)
- Re: Ncrack 0.01ALPHA released ithilgore (Aug 10)
- Re: Ncrack 0.01ALPHA released Toni Ruottu (Aug 10)