Nmap Development mailing list archives
Authentication in SMB/MSRPC
From: Ron <ron () skullsecurity net>
Date: Mon, 06 Oct 2008 17:54:35 -0500
Hi all,

I'm working on adding authentication to the SMB nselib right now, but I'm not sure how to do it. Here are the key points:

- Every SMB script will use the same login details
- Some scripts might determine login details and save them for others (a bruteforcer, for example)
- Invalid logins can lock out accounts, so this can be very dangerous (it's trivial to check if accounts can be locked out, once we've logged in, but that's a catch-22 :) )

Based on those, I'm wondering how, conceptually, you guys think I should implement this? Basically:

a) Should each .nse script be responsible for picking the login details to use, or should the SMB class find the login details?

b) The login details will be passed in as a parameter, generally, but can also be saved in the nmap registry if they're determined -- if we end up with multiple copies of credentials (maybe the bruteforce found an account, another script found an account, and credentials were passed in), which should be used? (keeping in mind the lock out thing)

c) Should the user be able to pass in a list of accounts to try, or should that be saved for a bruteforce script?

d) If the user DOES have several sets of credentials that we want them to try, is there some way to warn them that they may lock out accounts? Even if they're trying a single set of credentials across multiple hosts (they specify a username/password across a /24 or /16), it'd be nice to confirm that they actually want to do what they're doing.

e) Should there be some way for a user to give username/password pairs for specific hosts, or is that too granular?

Just some thoughts I've come across. The most important one is (a) right now, the rest will fall into place as I go, I think.

Thanks!
Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Current thread:
- Authentication in SMB/MSRPC Ron (Oct 06)
- Re: Authentication in SMB/MSRPC David Fifield (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Fyodor (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Fyodor (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC David Fifield (Oct 07)