
Manual login works, but blasting fails

Open FeeiCN opened this issue 9 years ago • 5 comments

ssh://172.17.4.27:10022 finished.
ssh://172.17.4.28:10022 finished.
ssh://172.17.4.31:10022 finished.
ssh://172.17.4.32:10022 finished.
ssh://172.17.4.33:10022 finished.

IPs 172.17.4.29, 172.17.4.29 are not in the list, but in fact I can log in using the blasting account password.

$ ssh root@172.17.4.29 -p10022
The authenticity of host '[172.17.4.29]:10022 ([172.17.4.29]:10022)' can't be established.
RSA key fingerprint is 78:d8:22:28:0a:ad:a3:fe:xx:xx:xx:xx:xx:ee:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.17.4.29]:10022' (RSA) to the list of known hosts.
root@172.17.4.29's password:
Last login: Thu Dec  8 03:09:46 2016 from 172.17.15.137
[root@localhost ~]# exit
logout
Connection to 172.17.4.29 closed.

FeeiCN avatar Dec 08 '16 03:12 FeeiCN

I don't understand what is the issue here. Care to elaborate a little bit more?

ithilgore avatar Dec 08 '16 03:12 ithilgore

ncrack -p ssh:10022 172.17.4.0/24 -v1 --user root --pass hello123 -g to=1h

Ncrack did not report success for the two servers (172.17.4.29 and 172.17.4.30), but I can successfully log in manually with the account password (root/hello123).

Below is the result of the manual login:

$ ssh root@172.17.4.29 -p10022
The authenticity of host '[172.17.4.29]:10022 ([172.17.4.29]:10022)' can't be established.
RSA key fingerprint is 78:d8:22:28:0a:ad:a3:fe:xx:xx:xx:xx:xx:ee:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.17.4.29]:10022' (RSA) to the list of known hosts.
root@172.17.4.29's password:
Last login: Thu Dec  8 03:09:46 2016 from 172.17.15.137
[root@localhost ~]# exit
logout
Connection to 172.17.4.29 closed.

Q: I can log in to the server manually, so why does ncrack not detect it?

FeeiCN avatar Dec 08 '16 03:12 FeeiCN

Can you provide the ssh server's version?

ithilgore avatar Dec 08 '16 03:12 ithilgore

$ ssh root@172.17.4.29 -p10022
The authenticity of host '[172.17.4.29]:10022 ([172.17.4.29]:10022)' can't be established.
RSA key fingerprint is 78:d8:22:28:0a:ad:a3:fe:82:2b:0a:03:55:ee:c5:75.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.17.4.29]:10022' (RSA) to the list of known hosts.
root@172.17.4.29's password:

[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@localhost ~]# ssh -V
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013

FeeiCN avatar Dec 08 '16 03:12 FeeiCN

OK thanks, I will look into it.

ithilgore avatar Dec 08 '16 04:12 ithilgore