Bulk Password Testing

Client has a ton of unix hosts, and they all have different passwords, and are not well-documented, and we need to secure them. Not wanting to root all of them or trying to type in a list of different possible passwords and accounts to try, you can use ncrack in an automated way to scan a network and test username and password combinations.

Install ncrack

apt-get install build-essential checkinstall libssl-dev  libssh-dev
wget http://nmap.org/ncrack/dist/ncrack-0.4ALPHA.tar.gz
tar xvfz ncrack-0.4ALPHA.tar.gz
cd ncrack-0.4ALPHA/

sudo checkinstall
sudo dpkg -i ncrack_0.4ALPHA-1_amd64.deb

Create a password list

For my purposes we had a list of passwords we could try. If you don’t have enough information to create a reasonable password list, you can grab a list of 500 passwords from skullsecurity.org.

wget http://downloads.skullsecurity.org/passwords/500-worst-passwords.txt

Run ncrack

Note that you can specify multiple user accounts to try as a comma separate list.

(Oh, and this is just sample output and not from one of our servers.)

ncrack -p 22 –user root -P 500-worst-passwords.txt

## sample output ##

Starting Ncrack 0.4ALPHA ( http://ncrack.org ) at 2011-05-05 16:50 EST
Stats: 0:00:18 elapsed; 0 services completed (1 total)
Rate: 0.09; Found: 0; About 6.80% done; ETC: 16:54 (0:04:07 remaining)
Stats: 0:01:46 elapsed; 0 services completed (1 total)
Rate: 3.77; Found: 0; About 78.40% done; ETC: 16:52 (0:00:29 remaining)

Discovered credentials for ssh on 22/tcp: 22/tcp ssh: ‘root’ ‘toor’

Ncrack done: 1 service scanned in 138.03 seconds.

Ncrack finished.


Leave a Reply

Your email address will not be published. Required fields are marked *