Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack comes pre-installed with Kali Linux.
During penetration testing sometimes we got sometimes we got some port opened on some web application. Ports are open for using services. Services like SSH, FTP, HTTP, SMTP etc. We usually use nmap to scan a network.
We can see in the above nmap scan result, this network's SSH and FTP ports are opened (port 21 and 22). If we can login through SSH then we got the terminal of the system and if we login through FTP then we got the file manager of the system.
We can try various tools to crack them like Hydra. But in this article we are going to learn about Ncrack.
Firstly we run following command to check the helps of Ncrack. Ncrack uses brute force attacks to crack network credentials. We have found lots of network admins using default or easy password, we can crack them using Ncrack in minutes.
ncrack --helpWe can see a very big list of options in the help section as we can see in the following screenshot:
Without going much deeper let's check an basic example of Ncrack brute force attack.
To use Ncrack against a service we can use following command:
ncrack -U path/of/usernamelist -P path/of/passwordlist <ip address or domain name>:port -vSo, if we want to attack on our localhost target using real username and password list, then our command will be following:
ncrack -U /usr/share/seclists/Usernames/top-usernames-shortlist.txt -P /usr/share/seclists/Passwords/Common-Credentials/top-20-common-SSH-passwords.txt 192.168.43.205:21 -vHere we have used infamous SecLists, which comes preinstalled with Kali Linux. The output we can see in the following screenshot:
In the above screenshot, we can see that Ncrack successfully cracked the credentials. The credentials are username:admin, password:password. Not only our target but there are also lots of users around the world still using default or easy passwords.
Ncrack also comes with a default (small) username and password list to attack. To use it we can use the following command:
ncrack 192.168.225.51:21 -vThis command will use the default password list that comes with Ncrack. It has some default username and password lists. The screenshot is following:
If we need to run Ncrack's brute force attack against ssh (port 22) then we can use the following command:
ncrack whatsapp5.com:22 -vWe can find other Ncrack commands using ncrack --help command.
This is the way we can find low-security usernames and passwords of FTP, SSH, web server or web application.
Comentarios