Re: Ncrack question

[ithilgore - <ithilgore.ryu.l () gmail com>]

On Tue, Aug 30, 2011 at 6:05 AM, Jeff Walzer <jeffreywalzer () gmail com> wrote:
> What is the default number of attempts ncrack makes when specifying the
> default for a scan? Also for a default scan, how many usernames and password
> combos does ncrack use?
>
> Thx

For a default scan, Ncrack uses the default.usr and default.pwd files
under the lists/ directory. There are 540 usernames and 4,999
passwords accordingly. So 4,999 * 540 = 2,699,460 combinations.

As for the attempts, if you are asking about the authentication
attempts per connection, then this is found out by the initial
reconnaissance probe - an initial single connection is made to the
target and Ncrack finds the maximum number of attempts per connection
allowed by the service. This values is later used for this service,
unless manually overridden by the -at timing option at startup.
If you are asking about the number of attempts for a single
username/password combination in case of a connection failure or other
problem in the middle of the authentication, then a potentially
unlimited amount of tries is made until this particular pair is
validated correctly (meaning until the whole service authentication
procedure takes place correctly without any failure).

Regards,
ithilgore
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/