-
Notifications
You must be signed in to change notification settings - Fork 239
/
CHANGELOG
242 lines (176 loc) · 9.84 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
~00000
00000000
,000$ 0$+~
$=0= .0+0
000 000
:000 0~0
0000. 0
00000 .
.000000
0?= +.,.
,?00.$000
00000~.:~0
.$+00~?~000
:00000.=0000
?00?00+=: ,0,
00000..0000~ 000000. $0
00..0~0?0::00,?0::?$0. 00 ~
.0. ,0?00000.0$,+,000.00 $00
0. 00.?00=00000~0+0:0000?0,~0?.
.0 +00 0+0000 0000=?~0000?00 00
.: .~~ .000=00000~00=000000+0.0~0$$.
00 , ?00.. 000~000000000000.:0.0:0~ 0$00.+
00.0 00 00?~000~000000000+00 + ~0000000000=$0000
$ 00 00. .00,000000000000$.00000. .0000+$+~00
0 00 .0 000000000?~0000000. 0. .0$000000+$0
0 0 0 000:$~0000=0.0000,$. 00 0000000000
0 00 ?.0000 $0 0 . .0000
. $ ?000. 0 0
0 +~?000
0. :000000?0 |=------=[ Ncrack ]=------=|
0000$?+00
00+0:~0$0+
.0$000?00
0?000000
.000~0
-- [ Ncrack Changelog ] --
Ncrack 0.7 [2019-08-23]
o Added new modules: DICOM, Wordpress, MQTT
o New module: CVS
[Panagiotis Ilias / Barrend]
o New module: SMB2
[Aurelien Aptel <aaptel@suse.com>]
o Extended RDP module to support all latest Windows versions
o Added -oX output option
o Added support for latest OpenSSL 1.1.1c
o Ported opensshlib to OpenSSL 1.1
[Hilko Bengen - bengen@hilluzination.de]
o Fixed MySQL, SSH crashes
[Christian Inci - chris.gh@broke-the-inter.net]
Ncrack 0.6 [2017-10-11]
o Added new modules: MongoDB and MSSQL
[Evangelos Deirmetzoglou - GSoC 2017]
o Added new modules: Cassandra and IMAP
[Panagiotis Ilias / Barrend]
o Improved WinRM module to support NTLM authentication
[Evangelos Deirmetzoglou for Google Summer of Code 2017]
o Implemented 'cr' (connection retries) option (caps number of consecutive
connection attempts until host/service is removed from list)
[Evangelos Deirmetzoglou - GSoC 2017]
o Added 'db' and 'domain' module options for protocols that need a specific
database (e.g. MongoDB) or domain (e.g. WinRM)
o Updated Ncrack to use latest Nsock & Nbase versions.
o Added --stealthy-linear timing option for stealthier cracking sessions
Ncrack 0.5 [2016-03-17]
o Added 4 new modules: Redis, PostgreSQL, MySQL, SIP. Thanks to edeirme for
implementing the Redis, PostgreSQL and MySQL modules.
o Added --pairwise option for special username/password iteration.
o Added --proxy option and proxy support implementation. Many thanks
to Andrew Farabee (https://github.com/andrewfarabee/) for implementing
it.
o Updated the Ncrack openssh library, now based on the OpenSSH 7.1
codebase and updated the SSH module to support all the latest ciphers.
Ncrack 0.4ALPHA [2011-04-23]
o Added the VNC module to Ncrack's arsenal. Thanks to rhh of rycon.hu for
implementing the module and discussing about it for further improvement.
o Wrote the Ncrack Developer's Guide, which is meant to give an overall
insight into Ncrack's architecture and help programmers develop their own
modules (http://nmap.org/ncrack/devguide.html)
o Fixed critical bug in RDP module, which caused Ncrack to fail cracking
some Windows 2003 server versions.
o Added a mechanism (MODULE_ERR), which modules can use to report to the
Ncrack engine that the authentication wasn't completed due to an
application error. For instance, the VNC server often notifies the client
that there are "too many authentication failures" and Ncrack can then
close the running connections and wait some time until the above wears
off.
o Ncrack can now print the nsock EID (unique connection ID) in debugging
messages. This will greatly help us track problems, since error messages
will be matched to certain connections.
Ncrack 0.3ALPHA [2010-09-07]
o Ncrack can now crack the Remote Desktop Protocol on all Windows versions from
XP and above, with the introduction of the RDP module. Users are well advised
to read http://seclists.org/nmap-dev/2010/q3/450 for cracking Windows XP
machines since they can't handle many concurrent RDP connections.
o Implemented the SMB module which can crack Microsoft's SMB/CIFS services as
well as UNIX Samba servers.
o Introduced the '-f' option, which forces Ncrack to quit cracking a
service after it finds one credential for it. Specifying the option twice
like '-f -f' will cause Ncrack to completely quit after any credential is
found on any service.
o Added support for blank-password testing. Ncrack will now test a blank
entry whenever it sees an empty line in any of the wordlists. The same
behaviour applies for passing the options --user '' or --pass ''.
o Improved the Ncrack scorpion logo with an updated SVG version (see
the top of http://nmap.org/ncrack/)
Ncrack 0.2ALPHA [2010-06-12]
o Ncrack now interactively prints out discovered credentials whenever
the user presses the 'p' key. Also, in verbose mode (-v), Ncrack
now prints new credentials whenever they are discovered. Basic
statistics (cracking rate, number of credentials found, but not the
credentials themselves) can be obtained by pressing enter or another
key at any time.
o Added the --resume option, which allows users to cancel (usually by
pressing Ctrl+C) and later restore a cracking session through a file
with the saved state. The Ncrack restoration file is saved at
.ncrack/ under the home user's directory for *nix systems and inside
the user's profile directory (normally under C:\Documents and
Settings\<user>\.ncrack\) in Windows. The file name format is
restore.<date>_<time> e.g: restore.2009-11-1_10-10 . The time isn't
in XX:XX format because Windows doesn't allow colons in filenames.
o Implemented the -iN option which lets Ncrack review Nmap normal
(-oN) output to find targets.
o Implemented -iX option, which allows Ncrack to obtain targets by
reading an Nmap XML (-oX) output format file.
o Ncrack's help screen (ncrack -h) now includes practical real-life
examples as well as a list of protocol cracking modules supported.
You can also list the supported modules with -V.
o Added experimental pop3(s) support - patch initially made by Bucsay Balazs
and then modified by Ithilgore.
o Ncrack now shares the Nsock library with Nmap rather than having its
own fork. This makes maintenance much easier. This was
accomplished by adding a way to compile Nsock without Libpcap (which
Ncrack doesn't use).
o Fixed a timeout-related error which was due to the way Nsock caches
its time values to avoid too many gettimeofday() system calls,
leading to Ncrack thinking that negative time had elapsed in some
cases. See the report at http://seclists.org/nmap-dev/2010/q2/450.
o Fixed bug which caused an endless loop before Ncrack could exit
properly (reported at http://seclists.org/nmap-dev/2010/q2/746).
o Fixed several memory leaks with the help of Valgrind. Also conducted a
Valgrind test for all modules. A report on a big memory leak was made here:
http://seclists.org/nmap-dev/2010/q1/1140
o Fixed a problem which lead to the configure script being executed
twice for each of Ncrack's dependency libraries. Compilation is
much faster now.
o Added cleanup function for modules. This is made possible by a
function pointer (ops_free) in the Connection class, that
deallocates all internal struct members of misc_info . Since these
are module-specific data, each module should initialize this
function upon first invocation.
o Added a snprintf function to Buf class. This is really handy for
module writers since it allows multiple I/O operations in
one line.
o Changed the module API Connection class to split the old iobuf
system into two separate iobufs (one for inbound and one for
outbound data).
o We now use the same default password list as Nmap, which is based on
data from many compromised/leaked systems. We also have included
several individual files which can be used instead, such as Solar
Designer's password file from his cracking application John.
o Added the --user and --pass options for command-line user and
password list specification.
o Reported to Microsoft an issue on Windows (running on Windows rather
than against it) which was slowing the scans down
(http://seclists.org/nmap-dev/2009/q2/774). Microsoft wasn't able to
reproduce the problem
(https://connect.microsoft.com/WNDP/feedback/ViewFeedback.aspx?FeedbackID=479640),
but it seems that changes made by ESET Nod32 AV on Ithilgore's
machine may have been the problem. It works for him if he disables
Nod32, so users might consider trying that if they experience poor
performance.
o Fixed a compilation failure which occurred at linking when OpenSSL
was not available on the system.
o Added this CHANGELOG file to the distribution.
Ncrack 0.01ALPHA [2009-08-10]
o First public release of Ncrack.