Automating Password Attacks with Ncrack
Tool Authors: Fotis Hantzis, Fyodor
Last but not least, we could use Ncrack with the recovered credentials against our target system. Ncrack is a high-speed automated authentication cracking tool. Though it is preferred now to use Nmap’s brute force scripts from the Nmap Scripting Engine (https://nmap.org/book/nse.html) , this is still a very useful tool.
➢ Enter, “ncrack -h” to display available options
➢ ncrack -p 21 -U ~/Users -P ~/Passwords [Metasploitable2_IP]
Between the three tools, I really do not have a preference. Also remember that these tools could be used against Windows systems as well. Better yet, they can be used against multiple systems, so once you get a username/password combo, you can try it against all the systems in a network. Depending on how stealthy you want to...