Re: telnet cracking using ncrack

["ithilgore.ryu.l" <ithilgore.ryu.l () gmail com>]

On Wed, Oct 5, 2011 at 4:00 PM, Martin T <m4rtntns () gmail com> wrote:
> Hello,
> I tried ncrack on my Cisco WS-C2950T-24 switch. As you can see, port
> 23(telnet) listens:
>
> <<<<<
> [root@ ~]# nmap -np23 -PN --reason 10.10.10.1
>
> Starting Nmap 5.51 ( http://nmap.org ) at 2011-10-05 15:05 EEST
> Nmap scan report for 10.10.10.1
> Host is up, received user-set (0.020s latency).
> PORT   STATE SERVICE REASON
> 23/tcp open  telnet  syn-ack
>
> Nmap done: 1 IP address (1 host up) scanned in 0.32 seconds
> [root@ ~]#
> > > > > >
>
> Telnet username "admin" and password "testpass" are valid and tested.
> As I understand, ncrack discovers credentials:
>
> <<<<<
> [root@ ~]# ncrack -v --user admin --pass testpass 10.10.10.1 -p telnet
>
> Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-10-05 15:05 EEST
>
> Discovered credentials on telnet://10.10.10.1:23 'admin' 'testpass'
> telnet://10.10.10.1:23 finished.
>
> Discovered credentials for telnet on 10.10.10.1 23/tcp:
> 10.10.10.1 23/tcp telnet: 'admin' 'testpass'
>
> Ncrack done: 1 service scanned in 3.00 seconds.
> Probes sent: 1 | timed-out: 0 | prematurely-closed: 0
>
> Ncrack finished.
> [root@ ~]#
> > > > > >
>
>
> ..but results are exactly the same if I specify for example wrong password:
>
> <<<<<
> [root@ ~]# ncrack -v --user admin --pass testpasssadsadafsadf
> 10.10.10.1 -p telnet
>
> Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-10-05 15:46 EEST
>
> Discovered credentials on telnet://10.10.10.1:23 'admin' 'testpasssadsadafsadf'
> telnet://10.10.10.1:23 finished.
>
> Discovered credentials for telnet on 10.10.10.1 23/tcp:
> 10.10.10.1 23/tcp telnet: 'admin' 'testpasssadsadafsadf'
>
> Ncrack done: 1 service scanned in 3.00 seconds.
> Probes sent: 1 | timed-out: 0 | prematurely-closed: 0
>
> Ncrack finished.
> [root@ ~]#
> > > > > >
>
> Why ncrack accepts "testpasssadsadafsadf" as a valid password?
>
>
> regards,
> martin
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


Hello there,
can you please provide a pcap file of the above telnet session?
Regards,
ithilgore

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------