Ncrack: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (4 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
=ncrack= | =ncrack= | ||
*ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104 | *ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104 | ||
| − | + | =Ausgabe für faraday= | |
*ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104 -oX ncrack.xml | *ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104 -oX ncrack.xml | ||
| + | =Lesen aus einer Datei und Attacke= | ||
| + | *cat secure.local.list | ||
| + | 10.0.10.1 | ||
| + | 10.0.10.102 | ||
| + | 10.0.10.103 | ||
| + | 10.0.10.104 | ||
| + | 10.0.10.105 | ||
| + | |||
| + | *ncrack -v -iL secure.local.list -u xinux -P bad-passwords -p ssh CL=1 | ||
| + | *ncrack -u xinux,martha,leroy -P bad-passwords -iL secure.local.list -p 22 | ||
| + | |||
| + | =Usefull commands in Ncrack= | ||
| + | ;Target specification: | ||
| + | -iX: Input from Nmap’s -oX XML output format | ||
| + | -iN: Input from Nmap’s -oN Normal output format | ||
| + | -iL: Input from list of hosts/networks | ||
| + | –exclude: Exclude hosts/networks | ||
| + | –excludefile: Exclude list from file | ||
| + | |||
| + | =Service specification:= | ||
| + | |||
| + | -p: services will be applied to all non-standard notation hosts | ||
| + | -m: options will be applied to all services of this type | ||
| + | -g: options will be applied to every service globally | ||
| + | |||
| + | =Authentication= | ||
| + | |||
| + | -U: username file | ||
| + | -P: password file | ||
| + | –user: comma-separated username list | ||
| + | –pass: comma-separated password list | ||
| + | –passwords-first: Iterate password list for each username. Default is the opposite. | ||
| + | –pairwise: Choose usernames and passwords in pairs. | ||
| + | |||
| + | =Output:= | ||
| + | |||
| + | -oN/-oX: Output scan in normal and XML format, respectively, to the given filename. | ||
| + | -oA: Output in the two major formats at once | ||
| + | -v: Increase verbosity level (use twice or more for greater effect) | ||
| + | |||
| + | =Module:= | ||
| + | |||
| + | SSH, RDP, FTP, Telnet, HTTP(S), WordPress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, DICOM | ||
Aktuelle Version vom 16. Oktober 2022, 18:04 Uhr
ncrack
- ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104
Ausgabe für faraday
- ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104 -oX ncrack.xml
Lesen aus einer Datei und Attacke
- cat secure.local.list
10.0.10.1 10.0.10.102 10.0.10.103 10.0.10.104 10.0.10.105
- ncrack -v -iL secure.local.list -u xinux -P bad-passwords -p ssh CL=1
- ncrack -u xinux,martha,leroy -P bad-passwords -iL secure.local.list -p 22
Usefull commands in Ncrack
- Target specification
-iX: Input from Nmap’s -oX XML output format -iN: Input from Nmap’s -oN Normal output format -iL: Input from list of hosts/networks –exclude: Exclude hosts/networks –excludefile: Exclude list from file
Service specification:
-p: services will be applied to all non-standard notation hosts -m: options will be applied to all services of this type -g: options will be applied to every service globally
Authentication
-U: username file -P: password file –user: comma-separated username list –pass: comma-separated password list –passwords-first: Iterate password list for each username. Default is the opposite. –pairwise: Choose usernames and passwords in pairs.
Output:
-oN/-oX: Output scan in normal and XML format, respectively, to the given filename. -oA: Output in the two major formats at once -v: Increase verbosity level (use twice or more for greater effect)
Module:
SSH, RDP, FTP, Telnet, HTTP(S), WordPress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, DICOM