Re: Ncrack: -iX, -iN input from Nmap

[ithilgore <ithilgore.ryu.l () gmail com>]

David Fifield wrote:
> On Wed, Aug 26, 2009 at 06:11:02PM +0300, ithilgore wrote:
> > I just finished implementing two new options for Ncrack: -iX and -iN.
> > These options let the user specify the attacked targets/services using
> > Nmap's XML and Normal output files correspondingly. Ncrack is going
> > to parse Nmap's output file and will see which ports are open and to which
> > hostnames/IP-addresses these ports correspond so that 
> > it uses these as its targets. In addition, if Nmap's version detection
> > is enabled, Ncrack is also going to use this additional info to crack
> > services that listen on non-default ports. For example, there might
> > be a SSH Service listening on a port other than 22, which Nmap's version
> > detection is probably going to detect. That information is stored in Nmap's output
> > files and is consequently used by Ncrack to deduce which module to use for
> > those non-default-port services. If a service is not supported by Ncrack's modules,
> > it is going to be ignored.
> >
> > I have tested both options against a variety of files, however more testing
> > is going to be needed, especially with the -iN option since Nmap's -oN format
> > is more loose than the XML one. 
>
> There seems to be something wrong with extraports handling in -iX.
> Ncrack finds the ssh service with
>
> # nmap localhost
> <ports><extraports state="closed" count="997">
> <extrareasons reason="resets" count="997"/>
> </extraports>
> <port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" 
> method="table" conf="3" /></port>
> <port protocol="tcp" portid="631"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ipp" 
> method="table" conf="3" /></port>
> <port protocol="tcp" portid="6000"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="X11" 
> method="table" conf="3" /></port>
> </ports>
>
> But it doesn't work with
>
> # nmap -p 22 localhost
> <ports><port protocol="tcp" portid="22"><state state="open" reason="syn-ack" reason_ttl="64"/><service name="ssh" 
> method="table" conf="3" /></port>
> </ports>
> No services specified!
> QUITTING!


Thanks for reporting this. I just fixed it.


> Opening an XML file in Zenmap and saving it again changes the file
> format enough that it's not recognized.
>
> $ ncrack -iX zenmap.xml -v -v localhost
> -iX file doesn't seem to be in Nmap's XML output format option -oX <filename>!

I corrected that issue too, but there is another more serious problem. Zenmap's XML file
doesn't use newlines between certain tag sections, something which Nmap does and Ncrack's XML parser
uses in order to function. Is there any reason for this inconsistency between Zenmap and Nmap? 
I would suggest that Zenmap's XML file has the same format as Nmap with the newlines in place.

Regards,
ithilgore


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org