Comments (5)
Could you please run Ncrack with gdb and print a stack trace? Thanks
$ gdb ncrack
(gdb) run --user root mysql://127.0.0.1 -d9 -v
...
(seg fault)
(gdb) i s
(gdb) i f
from ncrack.
(gdb) run
Starting program: /usr/local/bin/ncrack --user root mysql://127.0.0.1 -d9 -v
Fetchfile found /usr/local/share/ncrack/default.pwd
Starting Ncrack 0.5 ( http://ncrack.org ) at 2016-04-25 17:22 PDT
mysql://127.0.0.1:3306 (EID 1) Initiating new Connection
mysql://127.0.0.1:3306 pushed to list FULL
*** stack smashing detected ***: /usr/local/bin/ncrack terminated
Program received signal SIGABRT, Aborted.
0x00007ffff6ade418 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
54 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) i s
#0 0x00007ffff6ade418 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:54
#1 0x00007ffff6ae001a in __GI_abort () at abort.c:89
#2 0x00007ffff6b2072a in __libc_message (do_abort=do_abort@entry=1,
fmt=fmt@entry=0x7ffff6c37c7f "*** %s ***: %s terminated\n")
at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff6bc189c in __GI___fortify_fail (msg=,
msg@entry=0x7ffff6c37c61 "stack smashing detected") at fortify_fail.c:37
#4 0x00007ffff6bc1840 in __stack_chk_fail () at stack_chk_fail.c:28
#5 0x0000000000426796 in ?? ()
#6 0x0000000000426843 in ?? ()
#7 0x0000000000409314 in ?? ()
#8 0x000000000042bf98 in ?? ()
#9 0x0000000000429b79 in ?? ()
#10 0x000000000042de29 in ?? ()
#11 0x0000000000429650 in ?? ()
#12 0x000000000040b538 in ?? ()
#13 0x000000000040748b in ?? ()
#14 0x00007ffff6ac9830 in __libc_start_main (main=0x407450, argc=6,
argv=0x7fffffffe5f8, init=, fini=,
rtld_fini=, stack_end=0x7fffffffe5e8)
at ../csu/libc-start.c:291
#15 0x0000000000407689 in ?? ()
(gdb) i f
Stack level 0, frame at 0x7fffffffc360:
rip = 0x7ffff6ade418 in __GI_raise (../sysdeps/unix/sysv/linux/raise.c:54);
saved rip = 0x7ffff6ae001a
called by frame at 0x7fffffffc490
source language c.
Arglist at 0x7fffffffc350, args: sig=sig@entry=6
Locals at 0x7fffffffc350, Previous frame's sp is 0x7fffffffc360
Saved registers:
rip at 0x7fffffffc358
from ncrack.
I'm having a similar / the same issue.
I ran ncrack with three usernames and four passwords.
After a successful login, It does a "popped from list FULL" and then "pushed to list FULL".
Between those operations the last password in my password array get turned to NULL or random bits.
I ran a scan 10 times with the same options and got these three different endings.
ssh://x:22 pushed to list FULL
Segmentation fault
---
ssh://x:22 pushed to list FULL
appendToPool: tried to append NULL password into pair pool
QUITTING!
---
ssh://x:22 pushed to list FULL
ssh://x:22 Pool: Append 'username-2' 'x«À�'
ssh://x:22 (EID 24) closed on us in the middle of authentication!
ssh://x:22 (EID 24) Connection closed by peer
ssh://x:22 (EID 24) Dropping connection limit due to connection error to: 45
ssh://x:22 (EID 24) Attempts: total 5 completed 4 supported 4 --- rate 0.68
Segmentation fault
If I specify the -f option I do not hit this issue as often.
Please let me know if you need anything else.
from ncrack.
FYI -- I'm seeing this same issue running against a single username, a list of 5 passwords and a list of hosts. Appears to get through some of the hosts and then segfaults, but other times it wont get through any and segfaults.
Running on the official kali docker image.
from ncrack.
Thanks for your reports! I will look into it.
from ncrack.
Related Issues (20)
- Service with name 'mongod' not supported! When using nmap xml outpu HOT 1
- [FR] add service option to specify deffrent user and password
- module http/https, inccorrect 'Host' HTTP header when using IPv6 (-6)
- How to Bruteforce a List HOT 1
- ncrack does not work
- Please, add webform (get,post) cracking ^user^ and ^password^ options, like Hydra/Medura/Patator do
- Please, add SMTP[S] cracking option like Hydra/Medusa/Patator do
- IPv6 failed when loading iX targets
- ncrack failing on m1 MAC running Monterey 12.0.1
- ncrack fails on mssql service when creds require domain
- multiple definition of `umac_ctx' HOT 2
- Failed to open input file password.lst for reading! QUITTING! HOT 1
- looking_init: failed to open file ncrack-services for reading! QUITTING!
- ncrack fails to compile: multiple definition of `umac_ctx' HOT 3
- How to Bruteforce a List
- "config.guess" and "config.sub" files are too outdated HOT 2
- Passwords
- /usr/bin/ld: opensshlib/libopenssh.a(umac128.o):/var/opt/ncrack-0.7/opensshlib/./umac.c:1184: multiple definition of `umac_ctx'; opensshlib/libopenssh.a(umac.o):/var/opt/ncrack-0.7/opensshlib/umac.c:1184: first defined here
- ncrack fails to configure with -Werror=implicit-function-declaration
- ncrack fails to build in Debian unstable due to -Werror=implicit-function-declaration
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ncrack.