Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Ncrack command-line reloaded
From: Toni Ruottu <toni.ruottu () gmail com>
Date: Thu, 28 May 2009 00:20:38 +0300

Hosts will usually be specified in the following format:
<service>://<IP or hostname>:<optional non-default
port>?arg1=arg1val,arg2=arg2val

e.g  ssh://10.0.0.10:3000?cl=50,al=20


I think there is lots of problems with this design. Most importantly you are
giving new meanings to standard url's. Also the parameters are not
parameters related to the protocol, but to an external piece of software.
The target specification looking like an url immediately raises questions,
like "Can I point ncrack at a website and get the login cracked?" and "What
happens, if I supply login credentials as part of the url? (e.g.
http://account () host com/)"

Web logins are probably the most common type of login these days and the url
notations implies that ncrack would be able to hack them, yet I have
understood that it is not a heuristic that crawls the page for potential
authentication web forms to try different passwords at, but rather something
that tries to crack the http authentication. Some day the feature for
cracking web forms might still be implemented. The first version might
require the user to provide an actual url and mark the locations of wild
cards (i.e. user account and/or password) in that url.

Regarding mere layout, the description for the url implies : is compulsory,
which I don't think is intentional. Also, usually url parameters are
separated by & and not ,. Originally urls were used for identifying network
"locations". As years has passed the meaning of a location has blurred a
lot. I'm not sure password cracking results are a good result for probing a
location, but I do realize some people want to use urls for all kinds of
different purposes, and I guess in some cases that might be ok. In such a
case considering URNs and URIs as alternatives for URLs might be a good
idea.

For these reasons I suggest that, if you decide to go with a url, create a
new proper ncrack url scheme.
Maybe something like
ncrack://10.0.0.10:3000?protocol=ssh&cl=50&al=20<http://10.0.0.10:3000/?cl=50,al=20>in
respect of your current ideas.

  may the lockpicks be with you --Toni

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault