Nmap Development mailing list archives
Re: http-barracuda-dir-traversal.nse
From: Brendan Coles <bcoles () gmail com>
Date: Fri, 10 Jun 2011 11:21:00 +1000
Version 0.2 is attached which implements the suggested changes. A user count is provided, a reference to the full disclosure post was added and error handling was improved.

Regards,
Brendan Coles
http://itsecuritysolutions.org

On Fri, Jun 10, 2011 at 6:48 AM, Patrik Karlsson <patrik () cqure net> wrote:

I've sent a proposed solution, a library and a few sample scripts to the list.
http://seclists.org/nmap-dev/2011/q2/504
As I didn't get a single comment on it, I simply forgot about it. I think it's a good solution (obviously as I wrote and posted it), if you have the time to check it out and think so as well, I'm happy to commit it. Once committed, new scripts can make use of it and I can start changing the brute library to use it too.

Cheers,
//Patrik

I understood we had a user credential database for scripts to record the passwords they find. It was created, so brute scripts would not need to duplicate that functionality. Has the credential database been applied to trunk, or is it still being discussed?

On Wed, Jun 8, 2011 at 7:50 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:

Worth referring to an old link about this topic; http://seclists.org/fulldisclosure/2010/Oct/119
I would say still relevant though, I've seen barracuda passwords match the domain admin password in the past.

On Wed, Jun 8, 2011 at 11:01 AM, Gutek <ange.gutek () gmail com> wrote:

On 08/06/2011 06:00, Brendan Coles wrote:

There's tonnes of information available in the Barracuda config files, including plaintext passwords for all mail accounts. The configuration files often contain hundreds (if not thousands) of user accounts so I've left this information out for now.

(script not tested yet)
So, maybe it would be useful to report if such accounts are present, and how many? that way the nmap user would be aware of this critical info and could investigate further.

Thanks for this script,
A.G.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
Attachment:
http-barracuda-dir-traversal.nse