Ncrack is a high-speed network
authentication cracking tool. It was built to help companies secure
their networks by proactively testing all their hosts and networking
devices for poor passwords. Security professionals also rely on Ncrack
when auditing their clients. Ncrack was designed using a modular
approach, a command-line syntax similar to Nmap and a dynamic engine
that can adapt its behaviour based on network feedback. It allows for
rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack’s features include a very flexible interface granting the user
full control of network operations, allowing for very sophisticated
bruteforcing attacks, timing templates for ease of use, runtime
interaction similar to Nmap’s and many more. Protocols supported include
RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.
Source: http://nmap.org/ncrack/
Ncrack Homepage | Kali Ncrack Repo
- Author: Insecure.Com LLC
- License: GPLv2
Tools included in the ncrack package
ncrack – High-speed network authentication cracking tool
root@kali:~# ncrack -h
Ncrack 0.4ALPHA ( http://ncrack.org )
Usage: ncrack [Options] {target and service specification}
TARGET SPECIFICATION:
Can pass hostnames, IP addresses, networks, etc.
Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
-iX: Input from Nmap's -oX XML output format
-iN: Input from Nmap's -oN Normal output format
-iL: Input from list of hosts/networks
--exclude: Exclude hosts/networks
--excludefile: Exclude list from file
SERVICE SPECIFICATION:
Can pass target specific services in://target (standard) notation or
using -p which will be applied to all hosts in non-standard notation.
Service arguments can be specified to be host-specific, type of service-specific
(-m) or global (-g). Ex: ssh://10.0.0.10,at=10,cl=30 -m ssh:at=50 -g cd=3000
Ex2: ncrack -p ssh,ftp:3500,25 10.0.0.10 scanme.nmap.org google.com:80,ssl
-p: services will be applied to all non-standard notation hosts
-m:: options will be applied to all services of this type
-g: options will be applied to every service globally
Misc options:
ssl: enable SSL over this service
path: used in modules like HTTP ('=' needs escaping if used)
TIMING AND PERFORMANCE:
Options which take
ncrack Usage Example
Use verbose mode (-v), read a list of IP addresses (-iL win.txt), and attempt to log in with the username victim (--user victim) along with the passwords in a dictionary (-P passes.txt) using the RDP protocol (-p rdp) with one connection at a time (CL=1):
root@kali:~# ncrack -v -iL win.txt --user victim -P passes.txt -p rdp CL=1
Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2014-05-19 09:54 EDT
rdp://192.168.1.220:3389 finished.
Discovered credentials on rdp://192.168.1.200:3389 'victim' 's3cr3t'
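On the audited host, a run like the one above appears as a series of failed logons for one account from one source, followed by a success when a dictionary word matches. The sketch below is an added example, not part of the original page or of Ncrack, showing how that pattern can be flagged in logon records; the log format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format: ISO time, source IP, account, result).
SAMPLE_LOG = """\
2014-05-19T08:00:00 192.168.1.77 alice FAIL
2014-05-19T08:30:00 192.168.1.77 alice FAIL
2014-05-19T09:10:00 192.168.1.77 alice SUCCESS
2014-05-19T09:54:01 192.168.1.50 victim FAIL
2014-05-19T09:54:03 192.168.1.50 victim FAIL
2014-05-19T09:54:05 192.168.1.50 victim FAIL
2014-05-19T09:54:07 192.168.1.50 victim FAIL
2014-05-19T09:54:09 192.168.1.50 victim FAIL
2014-05-19T09:54:11 192.168.1.50 victim SUCCESS
"""

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {(source, account): {"failures": n, "compromised": bool}} for
    pairs with at least `threshold` failed logons inside a sliding window."""
    events = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        ts, src, account, result = fields
        events.append((datetime.fromisoformat(ts), src, account, result))
    events.sort()  # process in chronological order

    recent = defaultdict(deque)  # (src, account) -> failure times still in window
    findings = {}
    for ts, src, account, result in events:
        key = (src, account)
        q = recent[key]
        while q and ts - q[0] > window:
            q.popleft()  # drop failures older than the window
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(key, {"failures": 0, "compromised": False})
                f["failures"] = max(f["failures"], len(q))
        elif result == "SUCCESS":
            if len(q) >= threshold:
                findings[key]["compromised"] = True  # a guessed password worked
            q.clear()
    return findings

if __name__ == "__main__":
    for (src, account), info in detect_guessing(SAMPLE_LOG).items():
        print(src, account, info)
```

Because CL=1 limits the run to one connection at a time, the check counts failures over a time window rather than relying on concurrent connections from the source.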