Compile and Install Ncrack 0.4 Alpha on Debian Wheezy

Testing a private network host for poor passwords with Ncrack. 

What is Ncrack?

Ncrack is a cross-platform high-speed network authentication cracking tool. It was built to help human beings secure their networks by proactively testing their hosts and networking devices for poor passwords.

Ncrack supports the following protocols: RDP, SSH, HTTP(S), SMB, POP3(S), VNC, FTP, and telnet.

Disclaimer

This article is for educational purposes only. An excerpt from the Computer Misuse Act 1990:

A person is guilty of an offence if:

  1. he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
  2. the access he intends to secure, or to enable to be secured, is unauthorised; and
  3. he knows at the time when he causes the computer to perform the function that that is the case.

Installation

Install build essentials and encryption libraries:

# apt-get install build-essential checkinstall libssl-dev libssh-dev

Download Ncrack archive package:

# cd ~ && wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz

Extract the tarball:

# tar -xzvf ncrack-0.4ALPHA.tar.gz && cd ncrack-0.4ALPHA

Configure:

# ./configure
[...]
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h     
Configuration complete.  Type make (or gmake on some *BSD machines) to compile.

Compile the source:

# make
...
Ncrack compiled successfully!
make[1]: Leaving directory `/root/ncrack-0.4ALPHA'

Create some directories:

# mkdir /usr/local/share/ncrack /usr/local/share/man/man1

Create and install Ncrack Debian package:

# checkinstall -D --nodoc -y
Done. The new package has been installed and saved to
/root/ncrack-0.4ALPHA/ncrack_0.4ALPHA-1_i386.deb

Check installation status:

# dpkg -s ncrack
Package: ncrack
Status: install ok installed
Priority: extra
Section: checkinstall
Installed-Size: 1304
Maintainer: [email protected]
Architecture: i386
Version: 0.4ALPHA-1
Provides: ncrack
Description: Package created with checkinstall 1.6.2

Usage (with SSH)

SSH penetration testing is likely one the most common Ncrack usage areas. As an example, we are going to use Ncrack to check for weak regular users’ SSH passwords.

As you may remember, the Adobe password leak revealed the most commonly used passwords. We’re going to use the top 100 of them today.

Download a list of top 100 leaked Adobe passwords:

# cd ~ && wget http://stricture-group.com/files/adobe-top100.txt

The below command extracts and sorts the password column only so we can use records for Ncrack:

# sed '/^[1-9]/!d' adobe-top100.txt | cut -d= -f2-3 | \
sed -e 's/^[ \t]*//' -e 's/^=[ \t]*//'|sort > p.txt

The output file containing the top 100 passwords is called p.txt. We can now check if our regular user sandy is using one of these poor passwords. For simplicity purposes, we use localhost address here, however, the same approach applies to any host address:

# ncrack -v -f --user sandy -P p.txt ssh://127.0.0.1:12,CL=1

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2014-05-10 16:36 BST

Discovered credentials on ssh://127.0.0.1:12 'sandy' 'abcd1234'
ssh://127.0.0.1:12 finished.

Discovered credentials for ssh on 127.0.0.1 12/tcp:
127.0.0.1 12/tcp ssh: 'sandy' 'abcd1234'

Ncrack done: 1 service scanned in 30.01 seconds.
Probes sent: 7 | timed-out: 0 | prematurely-closed: 0

Ncrack finished.

Parameters that were used:

  1. -v: increase verbosity level (use twice or more for greater effect).
  2. -f: quit cracking service after one found credential.
  3. – -user: comma-separated username list.
  4. -P: password file.
  5. CL: maximum number of concurrent parallel connections.
  6. [service-name]://target:[port-number]: self explanatory.

Check the man page for more options available and, well, use your imagination when testing personal systems.

Leave a Reply

Your email address will not be published. Required fields are marked *