ncrack ALPHA, multi-protocol brute forcing

Friday, 29 January 2010


Until now, THC-Hydra and medusa were the most common tools for brute-force attacks against common protocols. But with the early arrival of ncrack, from the same authors as nmap, new possibilities seem to be opening up.

Its development has been intensive, since it was born in last year's Google Summer of Code. Although it is currently at version 0.01ALPHA, we did not want to miss the chance to see what it looks like.

For now it only supports Telnet, FTP, SSH and HTTP, still far behind the options offered by tools such as medusa, although the dynamism of Fyodor's group will surely add new features soon.

The options are extensive and look somewhat complex, although after a careful read they pose no great difficulty:

Ncrack 0.01ALPHA ( http://ncrack.org )
Usage: ncrack [Options] {target specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iL <inputfilename>: Input from list of hosts/networks
--exclude <host1[,host2][,host3],...>: Exclude hosts/networks
--excludefile <exclude_file>: Exclude list from file
SERVICE SPECIFICATION:
Can pass target specific services in <service>://target (standard) notation or
using -p which will be applied to all hosts in non-standard notation.
Service arguments can be specified to be host-specific, type of service-specific
(-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 -g cd=3000
Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org google.com:80,ssl
-p <service-list>: services will be applied to all non-standard notation hosts
-m <service>:<options>: options will be applied to all services of this type
-g <options>: options will be applied to every service globally
Misc options:
ssl: enable SSL over this service
path <name>: used in modules like HTTP ('=' needs escaping if used)
TIMING AND PERFORMANCE:
Options which take <time> are in milliseconds, unless you append 's'
(seconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
Service-specific options:
cl (min connection limit): minimum number of concurrent parallel connections
CL (max connection limit): maximum number of concurrent parallel connections
at (authentication tries): authentication attempts per connection
cd (connection delay): delay <time> between each connection initiation
cr (connection retries): caps number of service connection attempts
to (time-out): maximum cracking <time> for service, regardless of success so far
-T<0-5>: Set timing template (higher is faster)
--connection-limit <number>: threshold for total concurrent connections
AUTHENTICATION:
-U <filename>: username file
-P <filename>: password file
--passwords-first: Iterate password list for each username. Default is opposite.
OUTPUT:
-oN/-oX <file>: Output scan in normal and XML format, respectively, to the given filename.
-oA <basename>: Output in the two major formats at once
-v: Increase verbosity level (use twice or more for greater effect)
-d[level]: Set or increase debugging level (Up to 10 is meaningful)
--nsock-trace <level>: Set nsock trace level (Valid range: 0 - 10)
--log-errors: Log errors/warnings to the normal-format output file
--append-output: Append to rather than clobber specified output files
MISC:
-6: Enable IPv6 cracking
-sL or --list: only list hosts and services
--datadir <dirname>: Specify custom Ncrack data file location
-V: Print version number
-h: Print this help summary page.

It is striking that the dictionary directory (named lists) contains the most typical usernames and passwords from websites that have suffered leaks, such as myspace or phpbb.

The timing options make it possible to specify the best configuration for each particular case.

It can also be seen that the parameter for defining the scope is oriented to hosts or IP ranges, as in Nmap. This will make work easier in audits and in mass attacks on the Internet.

The following example shows the output (with a positive result) of running the application against an SSH server on port 444 at address 192.168.0.3:

[aramosf@sbd ncrack]$ ./ncrack  ssh://192.168.0.3:444 -U usuarios -P pass
Warning: File ./usuarios exists, but Ncrack is using usuarios for security and consistency reasons. Set NCRACKDIR=. to give priority to files in your local directory (may affect the other data files too).

Starting Ncrack 0.01ALPHA ( http://ncrack.org ) at 2010-01-26 02:50 CET
Discovered credentials for ssh on 192.168.0.3 444/tcp:
192.168.0.3 444/tcp ssh: root Gold3nC4too

Ncrack done: 1 service scanned in 30.05 seconds.

Ncrack finished.
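
Seen from the server side, a run like the one above shows up as a burst of failed logins from one source spread over several connections, possibly ending in an accepted login. The following Python code is an added example (not from the original post or the Ncrack project) that flags such bursts in OpenSSH-style auth log lines; the log lines, the threshold, the window, the year parameter and the function name are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (illustrative, not from the original post).
SAMPLE_LOG = """\
Jan 26 02:41:10 host sshd[4050]: Failed password for alice from 10.0.0.5 port 40000 ssh2
Jan 26 02:47:30 host sshd[4077]: Failed password for alice from 10.0.0.5 port 40001 ssh2
Jan 26 02:50:01 host sshd[4101]: Failed password for root from 192.168.0.7 port 51000 ssh2
Jan 26 02:50:02 host sshd[4101]: Failed password for root from 192.168.0.7 port 51000 ssh2
Jan 26 02:50:03 host sshd[4102]: Failed password for invalid user admin from 192.168.0.7 port 51001 ssh2
Jan 26 02:50:04 host sshd[4102]: Failed password for invalid user admin from 192.168.0.7 port 51001 ssh2
Jan 26 02:50:05 host sshd[4103]: Failed password for root from 192.168.0.7 port 51002 ssh2
Jan 26 02:50:06 host sshd[4103]: Failed password for root from 192.168.0.7 port 51002 ssh2
Jan 26 02:50:07 host sshd[4104]: Accepted password for root from 192.168.0.7 port 51003 ssh2
"""

EVENT = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window_seconds=60, year=2010):
    """Flag source IPs with >= threshold failed logins inside a sliding window.

    Returns {ip: {"peak": int, "users": set, "success": list}}; "success"
    lists users that logged in from a source that was already flagged.
    """
    recent = defaultdict(deque)  # ip -> (timestamp, user) of recent failures
    flagged = {}
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        # Classic syslog timestamps carry no year, so it is passed in (assumption).
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Accepted":
            if ip in flagged:  # success right after a burst: highest priority
                flagged[ip]["success"].append(user)
            continue
        q = recent[ip]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            hit = flagged.setdefault(ip, {"peak": 0, "users": set(), "success": []})
            hit["peak"] = max(hit["peak"], len(q))
            hit["users"].update(u for _, u in q)
    return flagged
```

A large `cd` (connection delay) value spreads attempts beyond a short window, so a second pass with a longer window and a higher threshold is needed to cover slow runs.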

Source: http://www.securitybydefault.com/2010/01/ncrack-alpha-fuerza-bruta.html
