Brute Force Username and Passwords with Ncrack – Security / Educational

Disclaimer: You must own or have permission to run Ncrack on any network or device.  This post is used for educational purposes.

IT admin personnel can test different devices and their setups with ncrack.  If devices are set up in a network, services such as SSH, FTP, HTTP, SNMP or others can inadvertently be left on with simplex or default passwords.  Many printers and other devices have these default services left on.  Some devices such as IoT may have hard coded usernames and passwords.

Ncrack for Linux, Mac or Windows can be found here 

If you install Ncrack, you can use common username and password list that come with ncrack.  Other lists can be found here.  You can use Notepad++ to add usernames or passwords to the lists.

To run Ncrack, you must use (in this case Windows) a command prompt.

Change into the directory that contains Ncrack.  In the example below, we have moved the user files and password files into the same folder as the executable.

Below -Ncrack was installed and then moved to the root of c:


The password and user lists were selected and cut.


The password and user lists were then moved (pasted) in the Ncrack folder.


Below is an example of the user file.  Remember you can add usernames to the list.  You can do the same for the password lists.

4 users

To test a router (one that we own), we ran –
ncrack -vv -U minimal.usr -P default.pwd     (the 23 represents telnet’s port number)

Below you will see the username and password for telnet.


Running ncrack again with port 80 we can see below, two usernames and passwords are given.  One for root and one for admin.


Reusing the credentials below show control of a (lab based) router.


How do you protect against this?

  1. Disable services in printers, routers and on your computer that you don’t use.
  2. Turn on firewalls if applicable.
  3. Set complex passwords on all accounts on the device.
  4. Remember some devices have services that you may not know about.  You can use NMAP on the devices to see which ports are open.
  5. Research the device to see if there are alternate accounts or services you are unaware of.
  6. If you cannot set passwords on devices that have hard coded passwords, remove the device from the network

About TCAT Shelbyville IT Department

The Tennessee College of Applied Technology - is one of 46 institutions in the Tennessee Board of Regents System, the seventh largest system of higher education in the nation. This system comprises six universities, fourteen community colleges, and twenty-six Applied Technology Colleges.
This entry was posted in Computer Security, Education, Free Software, Hacking, Information Technology, IoT, Technology and tagged , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s