Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [ncrack] Exclude accounts
From: ambarisha b <b.ambarisha () gmail com>
Date: Fri, 22 Apr 2011 02:00:19 +0530

Right. I think we should also have a command line parameter to
manually exclude user accounts along with an automatic way. It will
give a finer control over which user accounts are tried. There might
be an account on the target box that I don't want to force or don't
want to get stuck at. Correct me if I am wrong, but the accounts are
tried in the order that they are listed. So, if I want to crack an
account that comes below one which I can afford to skip, I won't have
to wait. What do you say?


On Fri, Apr 22, 2011 at 1:03 AM, ithilgore - <ithilgore.ryu.l () gmail com> wrote:
On Thu, Apr 21, 2011 at 9:10 PM, ambarisha b <b.ambarisha () gmail com> wrote:

With ncrack, is there a way to avoid trying out all the passwords on
"anonymous" account for anonymous ftp? Perhaps, an option to exclude
some accounts?


Hello Ambarisha.
As of now there is no automatic way of excluding specific usernames or
passwords, other than removing them explicitly from the equivalent
list files. However, the task of handling specifically 'anonymous'
accounts is already in the TODO list:

* Handle username validation for services.  For example, if an FTP
 server is anon only or if we enumerate SMB users, or some service
 gives a user does not exist error, we should probably not waste time
 trying to crack such users against those services.  We need to
 figure out how this works when multiple services/hosts are being
 cracked at the same time.


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]