Nmap Development mailing list archives
action-passwd-netbus.nse
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 16 Apr 2011 20:17:08 +0300
Here is a new NSE script I wrote for setting the password of a NetBus server. It uses the authentication bypass feature if that is present. It may also use passwords guessed by netbus-brute, or a password given as a command line argument. The password argument is shared with the script netbus-info, and is thus called netbus-info.password. It should probably be changed to netbus.password, as that would be a more logical name for a shared argument.

By default the password is changed into a randomly generated one. I wrote a trivial password generation function that might not always result in secure passwords. Someone might want to write a better password generation library later. You can also state the target password as a command line argument. The argument is called action-passwd.password and should be shared by other scripts used for setting passwords. Ideally one should be able to do --script=action-passwd-*,*brute* to secure all target systems that have weak passwords.

Any feedback is welcome. I would also like to hear suggestions for other "action scripts". I was thinking about action-poweroff-* that would be used to shut down the system, action-reboot-* that would try to send a reboot signal, and possibly action-eject-* that would monkey with the CD tray so you could try to locate physical machines by running scans on them. However, all of these features came up by looking at the NetBus protocol. Maybe there are more sensible ones.

My feeling is that scripts like these are powerful because they make it possible to perform an action on a large set of machines at once. For example, I am not really sure if actions that allow one to do SQL queries make sense, because different SQL databases have different syntax. Thus each script would need to convert standard SQL to the specific SQL supported by the database in question. Also, I feel that these scripts should result in a state change on the target system, rather than just query for some information.

--Toni
Attachment: action-passwd-netbus.nse