Nmap Development mailing list archives
Re: Authentication in SMB/MSRPC
From: Ron <ron () skullsecurity net>
Date: Tue, 07 Oct 2008 10:43:16 -0500
Fyodor wrote:
On Tue, Oct 07, 2008 at 09:29:26AM -0500, Ron wrote:
>
Yeah, we had been talking about doing that in our weekly SoC NSE meetings we had this summer.
Nice, I think that'd be a great step toward being a full fledged VA tool.
Given that the brute force scripts are by their nature non-default and very intrusive, I'm not sure that using discovered credentials for further exploration would be escalating the intrusiveness too much. But it is a hard call. If the authentication-requiring scripts won't use discovered credentials by default, we should at least provide the option.
That's a good point about already being intrusive.Maybe I'll build the script to grab authentication from wherever it can find (parameters or registry), and let other scripts sort out that stuff. If credentials for that server end up in the registry, it makes sense to use them.
Ron
Cheers, -F
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Authentication in SMB/MSRPC Ron (Oct 06)
- Re: Authentication in SMB/MSRPC David Fifield (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Fyodor (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Fyodor (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC David Fifield (Oct 07)