Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: RFC on Ncrack, A new network authentication cracker
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Sun, 3 May 2009 22:34:51 -0500

Is the plan to include only online brute forcing or to also allow
offline banging against hashes?

The value of a brute force tool that you may only point at a live
service and hammer away with is dubious.  Services being penetrated
may be configured to properly limit the number of attempts coming from
a specific client.

This would be especially troublesome for trying to audit a live
Windows Active Directory.  That's something that would be a common
target, but would almost definitely lock you out pretty quickly.

If the offline cracking will be a feature, don't forget Rainbow
Tables!  Cain and Abel recently added the ability to use them and it
speeds things up considerably.

I think Ncrack is a wonderful idea.  Nmap is mature and actively
developed and has an awesome scripting engine.  I can't imagine what
it will be used for next.

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault