Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: RFC on Ncrack, A new network authentication cracker
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Sun, 3 May 2009 22:34:51 -0500

Is the plan to include only online brute forcing or to also allow
offline banging against hashes?

The value of a brute force tool that you may only point at a live
service and hammer away with is dubious.  Services being penetrated
may be configured to properly limit the number of attempts coming from
a specific client.

This would be especially troublesome for trying to audit a live
Windows Active Directory.  That's something that would be a common
target, but would almost definitely lock you out pretty quickly.

If the offline cracking will be a feature, don't forget Rainbow
Tables!  Cain and Abel recently added the ability to use them and it
speeds things up considerably.

I think Ncrack is a wonderful idea.  Nmap is mature and actively
developed and has an awesome scripting engine.  I can't imagine what
it will be used for next.


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]