Re: Detecting/parsing a hex string

[Ron <ron () skullsecurity net>]

Brandon Enright wrote:
> On Wed, 08 Oct 2008 17:40:00 -0500
> Ron <ron () skullsecurity net> wrote:
>
> > I could change the parameter name, so you can do "--script-args
> > smbusername=ron,smbpasswordhash=b709...", but that's a little uglier.
>
>
> I like this just fine.  It would also be nice to be able to pass the
> credentials in a file like what smbmount can take.
>
> Brandon
Speaking of that, I was sort of wondering if it'd be possible (or a good
idea) to automatically use the credentials of the current machine (the
sid2user/user2sid programs, for example, do that). So it'll
automatically try to authenticate as the current user, if possible.

The advantage is that, if you're a member of a domain, you can basically
scan any system on the domain without giving credentials.

The downside is it's pretty sketchy, in my mind, reading a user's
privateish data and automatically sending hashes (although Windows will
do that anyways for mounting drives/authentication to Web sites/etc. :) ).

But yeah, that's just a passing thought. I don't plan on doing it, just
putting the idea out there.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org