Nmap Development mailing list archives
Re: nse crypto
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sun, 13 Mar 2011 01:39:33 +0200
Debug output tells me:

  NSE: Trying <empty> against 127.0.0.1:9929

but the result ends up stating:

  9929/tcp open  nping-echo  syn-ack
  | nping-brute:
  |   Accounts
  |     => Login correct
  |   Statistics
  |_    Perfomed 10 guesses in 10 seconds, average tps: 1

You can run an nping server with empty password by commanding:

  nping --es ""

Nping ships with nmap. So you should have it, if you have installed a relatively new nmap on your system.

On Sat, Mar 12, 2011 at 6:32 PM, Patrik Karlsson <patrik () cqure net> wrote:
> Den 2011-03-12 16.56 skrev Toni Ruottu <toni.ruottu () iki fi>:
>> Here is a new version that uses the brute library. I did not notice any speed ups, but using the library seems a good idea anyway, as it makes this work similarly to other scripts. Should the library replace an empty password with <empty> when it is reporting results? I thought I should not do that, as the library could define a standard way for doing such things.
>
> The library should replace an empty password with <empty>. In case it doesn't this is a bug. I don't have a nping server setup myself to test this though.
>
>> I've tested the script against the IP below and it works for me. I get roughly one try per second.
>>
>> On Fri, Mar 11, 2011 at 10:25 PM, David Fifield <david () bamsoftware com> wrote:
>>> On Fri, Mar 11, 2011 at 02:29:39AM +0200, Toni Ruottu wrote:
>>>> I got the script written using openssl. In the end the crypto was surprisingly manageable, compared to dealing with IPv6 addresses. :-) I have attached the script to this email. I am running an instance of nping echo server with password 12345 at 174.129.239.201 Feel free to test the script against it by commanding
>>>>
>>>>   nmap 174.129.239.201 -p 9929 --script=nping-brute
>>>>
>>>> Trying out passwords is somewhat slow, so testing with really easy ones may be a good idea. Add -d -d to the command line to see progress.
>>>
>>> I tried it. It found the correct password after three guesses in 6 seconds. It seems to do about 1 guess per second on another server. I think the way to speed it up is to use the brute.lua library. See Patrik Karlsson's brute scripts for examples of using it.
>>>
>>> David Fifield
>
> //Patrik
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/