Nmap Development mailing list archives
[NSE] Bruteforce telnet
From: "Eddie Bell" <ejlbell () gmail com>
Date: Sat, 30 Jun 2007 15:28:30 +0100
Hello everyone, I've committed (and attached) a telnet bruteforce script. It tries a selection user/pass pairs compromising of common logins and default router credentials. There are a total of 22 user/pass pairs which seems to be the best compromise between speed and coverage. On a public telnet server: Interesting ports on vtn1.victoria.tc.ca (199.60.222.3): PORT STATE SERVICE 23/tcp open telnet |_ bruteforce: guest - <blank> On my home router using its default configuration: Interesting ports on BThomehub.home (192.168.1.254): PORT STATE SERVICE 23/tcp open telnet |_ bruteforce: admin - admin It takes a couple of minutes to run as most telnet services only allow 1-3 attempts per connection and verification is delayed (to prevent timing attacks?). Although it will stop as soon as it finds valid credentials. Because this sort of script spends a long time waiting for input, the ideal future project would be to incorporate select() into NSE and use co-routines to brute force in parallel. Perhaps even create a nselib framework to do this which can be used by a whole family of brute*.nse scripts. For now, this one should wet our appetites :) All testing appreciated cheers - eddie
Attachment:
bruteTelnet.nse.gz
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [NSE] Bruteforce telnet Eddie Bell (Jun 30)