Nmap Development mailing list archives
Re: Ncrack question
From: ithilgore - <ithilgore.ryu.l () gmail com>
Date: Thu, 8 Sep 2011 04:43:32 +0300
On Tue, Aug 30, 2011 at 6:05 AM, Jeff Walzer <jeffreywalzer () gmail com> wrote:
What is the default number of attempts ncrack makes when specifying the default for a scan? Also for a default scan, how many usernames and password combos does ncrack use? Thx
For a default scan, Ncrack uses the default.usr and default.pwd files under the lists/ directory. There are 540 usernames and 4,999 passwords accordingly. So 4,999 * 540 = 2,699,460 combinations. As for the attempts, if you are asking about the authentication attempts per connection, then this is found out by the initial reconnaissance probe - an initial single connection is made to the target and Ncrack finds the maximum number of attempts per connection allowed by the service. This values is later used for this service, unless manually overridden by the -at timing option at startup. If you are asking about the number of attempts for a single username/password combination in case of a connection failure or other problem in the middle of the authentication, then a potentially unlimited amount of tries is made until this particular pair is validated correctly (meaning until the whole service authentication procedure takes place correctly without any failure). Regards, ithilgore _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Ncrack question Jeff Walzer (Aug 29)
- Re: Ncrack question ithilgore - (Sep 07)