Ncrack: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→ncrack) |
|||
| Zeile 12: | Zeile 12: | ||
*ncrack -v -iL secure.local --user xinux -P bad-passwords -p ssh CL=1 | *ncrack -v -iL secure.local --user xinux -P bad-passwords -p ssh CL=1 | ||
| + | |||
| + | =Usefull commands in Ncrack 💯👇🏽 | ||
| + | ;Target specification: | ||
| + | -iX: Input from Nmap’s -oX XML output format | ||
| + | -iN: Input from Nmap’s -oN Normal output format | ||
| + | -iL: Input from list of hosts/networks | ||
| + | –exclude: Exclude hosts/networks | ||
| + | –excludefile: Exclude list from file | ||
| + | |||
| + | =Service specification:= | ||
| + | |||
| + | -p: services will be applied to all non-standard notation hosts | ||
| + | -m: options will be applied to all services of this type | ||
| + | -g: options will be applied to every service globally | ||
| + | |||
| + | =Authentication= | ||
| + | |||
| + | -U: username file | ||
| + | -P: password file | ||
| + | –user: comma-separated username list | ||
| + | –pass: comma-separated password list | ||
| + | –passwords-first: Iterate password list for each username. Default is the opposite. | ||
| + | –pairwise: Choose usernames and passwords in pairs. | ||
| + | |||
| + | =Output:= | ||
| + | |||
| + | -oN/-oX: Output scan in normal and XML format, respectively, to the given filename. | ||
| + | -oA: Output in the two major formats at once | ||
| + | -v: Increase verbosity level (use twice or more for greater effect) | ||
| + | |||
| + | =Module:= | ||
| + | |||
| + | SSH, RDP, FTP, Telnet, HTTP(S), WordPress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, DICOM | ||
Version vom 16. Oktober 2022, 17:57 Uhr
ncrack
- ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104
Ausgabe für faraday
- ncrack -p 22 --user xinux -P bad-passwords 10.0.10.104 -oX ncrack.xml
Lesen aus einer Datei und Attacke
- cat secure.local
10.0.10.1 10.0.10.102 10.0.10.103 10.0.10.104 10.0.10.105
- ncrack -v -iL secure.local --user xinux -P bad-passwords -p ssh CL=1
=Usefull commands in Ncrack 💯👇🏽
- Target specification
-iX: Input from Nmap’s -oX XML output format -iN: Input from Nmap’s -oN Normal output format -iL: Input from list of hosts/networks –exclude: Exclude hosts/networks –excludefile: Exclude list from file
Service specification:
-p: services will be applied to all non-standard notation hosts -m: options will be applied to all services of this type -g: options will be applied to every service globally
Authentication
-U: username file -P: password file –user: comma-separated username list –pass: comma-separated password list –passwords-first: Iterate password list for each username. Default is the opposite. –pairwise: Choose usernames and passwords in pairs.
Output:
-oN/-oX: Output scan in normal and XML format, respectively, to the given filename. -oA: Output in the two major formats at once -v: Increase verbosity level (use twice or more for greater effect)
Module:
SSH, RDP, FTP, Telnet, HTTP(S), WordPress, POP3(S), IMAP, CVS, SMB, VNC, SIP, Redis, PostgreSQL, MQTT, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA, DICOM