Ncrack
Zur Navigation springen
Zur Suche springen
ncrack
- ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104
Ausgabe für faraday
- ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104 -oX ncrack.xml
Lesen aus einer Datei und Attacke
- cat secure.local.list
10.0.10.1 10.0.10.102 10.0.10.103 10.0.10.104 10.0.10.105
- ncrack -v -iL secure.local.list -u xinux -P bad-passwords -p ssh CL=1
- ncrack -u xinux,martha,leroy -P bad-passwords -iL secure.local.list -p 22
Usefull commands in Ncrack
- Target specification
-iX: Input from Nmap’s -oX XML output format -iN: Input from Nmap’s -oN Normal output format -iL: Input from list of hosts/networks –exclude: Exclude hosts/networks –excludefile: Exclude list from file
Service specification:
-p: services will be applied to all non-standard notation hosts -m: options will be applied to all services of this type -g: options will be applied to every service globally
Authentication
-U: username file -P: password file –user: comma-separated username list –pass: comma-separated password list –passwords-first: Iterate password list for each username. Default is the opposite. –pairwise: Choose usernames and passwords in pairs.
Output:
-oN/-oX: Output scan in normal and XML format, respectively, to the given filename. -oA: Output in the two major formats at once -v: Increase verbosity level (use twice or more for greater effect)
Module:
SSH, RDP, FTP, Telnet, HTTP(S), WordPress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, DICOM