Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [ncrack] Exclude accounts
From: ithilgore - <ithilgore.ryu.l () gmail com>
Date: Thu, 21 Apr 2011 22:33:29 +0300

On Thu, Apr 21, 2011 at 9:10 PM, ambarisha b <b.ambarisha () gmail com> wrote:
Hi,

With ncrack, is there a way to avoid trying out all the passwords on
"anonymous" account for anonymous ftp? Perhaps, an option to exclude
some accounts?

Ambarisha


Hello Ambarisha.
As of now there is no automatic way of excluding specific usernames or
passwords, other than removing them explicitly from the equivalent
list files. However, the task of handling specifically 'anonymous'
accounts is already in the TODO list:

* Handle username validation for services.  For example, if an FTP
  server is anon only or if we enumerate SMB users, or some service
  gives a user does not exist error, we should probably not waste time
  trying to crack such users against those services.  We need to
  figure out how this works when multiple services/hosts are being
  cracked at the same time.



Regards,
ithilgore
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]