Nmap Development mailing list archives
Fixes to smb-brute.nse
From: Ron <ron () skullsecurity net>
Date: Sat, 23 Jan 2010 10:35:47 -0600
A couple people reported a bug to me in smb-brute.nse. In recent versions, it doesn't detect account lockouts properly and locks out every account (if lockouts are enabled). That was a stupid mistake on my part, I was checking a return condition incorrectly. I fixed this in r16350, which I suggest should be copied to 5.21 -- it's a bug that can be harmful in certain cases. I also made a couple of bigger changes to the script. As of r16538 and r16551, smb-brute.nse can check the domain's account lockout policy to see if accounts are labeled before ever trying. Those revisions probably need a little more testing, so I wouldn't suggest them for 5.21, but they should be helpful in the future. Ron -- Ron Bowes http://www.skullsecurity.org/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Fixes to smb-brute.nse Ron (Jan 23)
- Re: Fixes to smb-brute.nse David Fifield (Jan 25)
- Re: Fixes to smb-brute.nse Ron (Jan 25)
- Re: Fixes to smb-brute.nse David Fifield (Jan 25)