The client has a large number of Unix hosts, all with different passwords and none of them well documented, and we need to secure them. Rather than rooting every one of them or typing in a list of possible accounts and passwords by hand, you can use ncrack to scan a network and test username and password combinations automatically.
apt-get install build-essential checkinstall libssl-dev libssh-dev
tar xvfz ncrack-0.4ALPHA.tar.gz
sudo dpkg -i ncrack_0.4ALPHA-1_amd64.deb
Create a password list
For my purposes we had a list of passwords we could try. If you don’t have enough information to create a reasonable password list, you can grab a list of 500 passwords from skullsecurity.org.
Note that you can specify multiple user accounts to try as a comma-separated list.
(Oh, and this is just sample output and not from one of our servers.)
ncrack -p 22 --user root -P 500-worst-passwords.txt 192.168.1.0/24
## sample output ##
Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-05 16:50 EST
Stats: 0:00:18 elapsed; 0 services completed (1 total)
Rate: 0.09; Found: 0; About 6.80% done; ETC: 16:54 (0:04:07 remaining)
Stats: 0:01:46 elapsed; 0 services completed (1 total)
Rate: 3.77; Found: 0; About 78.40% done; ETC: 16:52 (0:00:29 remaining)
Discovered credentials for ssh on 192.168.1.10 22/tcp:
192.168.1.10 22/tcp ssh: 'root' 'toor'
Ncrack done: 1 service scanned in 138.03 seconds.
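To turn a run like the one above into a remediation list, the credential lines can be parsed into a per-host list of accounts that need a new password. This is an added example, not part of the original post or of ncrack; it assumes the line format shown in the sample output, and the function names and the 192.168.1.23 line are made up for illustration.

```python
import re
from collections import defaultdict

# Credential line format, as in the sample output on this page:
#   192.168.1.10 22/tcp ssh: 'root' 'toor'
# Straight and typographic quotes are both accepted.
Q = "['\u2018\u2019]"
CRED_RE = re.compile(
    rf"^(?P<host>\S+)\s+(?P<port>\d+)/(?P<proto>\w+)\s+(?P<service>[\w-]+):\s+"
    rf"{Q}(?P<user>.*?){Q}\s+{Q}(?P<password>.*){Q}$"
)

# The 192.168.1.23 line is constructed; the rest is from this page's sample output.
SAMPLE = """\
Discovered credentials for ssh on 192.168.1.10 22/tcp:
192.168.1.10 22/tcp ssh: 'root' 'toor'
192.168.1.23 22/tcp ssh: 'admin' 'changeme'
Ncrack done: 1 service scanned in 138.03 seconds.
"""


def parse_findings(text):
    """Return one dict per credential line; status and header lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = CRED_RE.match(line.strip())
        if m:
            finding = m.groupdict()
            finding["port"] = int(finding["port"])
            findings.append(finding)
    return findings


def rotation_list(findings):
    """Group findings by host as (service, port, user); the password is left out
    so the list can be handed to whoever resets the accounts."""
    by_host = defaultdict(set)
    for f in findings:
        by_host[f["host"]].add((f["service"], f["port"], f["user"]))
    return {host: sorted(accounts) for host, accounts in sorted(by_host.items())}


if __name__ == "__main__":
    for host, accounts in rotation_list(parse_findings(SAMPLE)).items():
        for service, port, user in accounts:
            print(f"{host}: reset password for {user} ({service}, port {port})")
```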