Nmap Development mailing list archives
Re: Valid usernames but no password with Creds library
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 7 Jul 2011 18:08:29 +0300
If we know the user names, would it not make sense for brute scripts to try passwords for those user names rather than generic user names? Does that currently happen? How should that work?

On Thu, Jul 7, 2011 at 1:47 PM, Patrik Karlsson <patrik () cqure net> wrote:
> On Jul 7, 2011, at 9:05 AM, Paulino Calderon wrote:
>
>> Hi Patrik,
>>
>> I'm updating scripts to use your credentials library and I'm wondering what are your thoughts about adding valid usernames even when we don't have a password. Right now, there is not a way to differentiate when a password is blank and when we don't have one since both show the string "<empty>".
>>
>> How do you guys think we should address this? Or do you think we shouldn't add credentials to the table if we don't have both a username and password?
>>
>> Ps. I'm ccing this to nmap-dev for future reference.
>>
>> Cheers.
>>
>> --
>> Paulino Calderón Pale
>> Web: http://calderonpale.com
>> Twitter: http://www.twitter.com/paulinocaIderon
>
> Hi Paulino,
>
> I'm guessing that these valid usernames come from some of the enumeration scripts?
> I see the credential library (database) as two things:
>
> 1. storage for discovered credentials, that can be used for consistent output in script results (eg. "Account locked" etc.)
> 2. storage for discovered credentials, that can be queried from other scripts to get known, valid credentials
>
> For case 1, I guess it could make sense to output even discovered user names, in this case we need to find a way to distinguish them from discovered credentials. For me personally, I would probably want them in a separate "section" and not mixed together with discovered credentials.
>
> For case 2, I wouldn't want them mixed with the discovered or parameter supplied credentials. Here, I think it would probably make sense assigning them their own State, maybe KNOWN_USER/VALID_USER or whatever. In this case, they can be queried by using the state mask in getCredentials if someone wishes to do that.
>
> I'm guessing a valid use case for 2 could be:
>
> sip-enum-users -> store discovered users to creds library (eg. add("1000",nil, creds.State.KNOWN_USER) )
> sip-brute -> gets discovered users (eg. getCredentials(creds.State.KNOWN_USER + creds.State.VALID) )
>
> Does that make sense?
>
> //Patrik
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://www.twitter.com/nevdull77
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
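Added example, not code from the thread or from Nmap's creds library: a stand-alone Lua 5.3 model of the state-mask idea discussed in the quoted message, where username-only entries get their own state and an unknown password (nil) stays distinct from a blank one (""). The `Store` type, the `render` helper, the sample accounts and the numeric state values are constructed for this example; `KNOWN_USER` is the state name proposed in the thread.

```lua
-- Stand-alone model (Lua 5.3+ for the bitwise operators); NOT Nmap's creds library.
-- State values are constructed; KNOWN_USER is the state proposed in the thread.
local State = { VALID = 1, LOCKED = 2, KNOWN_USER = 4 }

local Store = {}
Store.__index = Store

function Store.new() return setmetatable({ rows = {} }, Store) end

-- pass == nil means "password unknown"; pass == "" means "password is blank".
function Store:add(user, pass, state)
  assert(type(user) == "string" and user ~= "", "user required")
  if pass == nil and state ~= State.KNOWN_USER then
    error("a nil password is only allowed with State.KNOWN_USER")
  end
  self.rows[#self.rows + 1] = { user = user, pass = pass, state = state }
end

-- Return the rows whose state bit is set in the caller's mask.
function Store:get(mask)
  local out = {}
  for _, r in ipairs(self.rows) do
    if (r.state & mask) ~= 0 then out[#out + 1] = r end
  end
  return out
end

-- Render a row so that "blank" and "unknown" can never print the same string.
local function render(r)
  if r.pass == nil then return r.user .. " - <unknown password>" end
  if r.pass == "" then return r.user .. ":<empty>" end
  return r.user .. ":" .. r.pass
end

local db = Store.new()
db:add("1000", nil, State.KNOWN_USER)       -- enumerated username, no password
db:add("1001", "", State.VALID)             -- account with a blank password
db:add("1002", "example-pass", State.VALID) -- constructed sample credential

print("Accounts:")
for _, r in ipairs(db:get(State.VALID)) do print("  " .. render(r)) end
print("Usernames:")
for _, r in ipairs(db:get(State.KNOWN_USER)) do print("  " .. render(r)) end
-- A consumer that wants both kinds of entry passes a combined mask.
print("Combined mask rows: " .. #db:get(State.KNOWN_USER | State.VALID))
```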
Current thread:
- Valid usernames but no password with Creds library Paulino Calderon (Jul 06)
- Re: Valid usernames but no password with Creds library Patrik Karlsson (Jul 07)
- Re: Valid usernames but no password with Creds library Toni Ruottu (Jul 07)
- Re: Valid usernames but no password with Creds library Patrik Karlsson (Jul 07)
- Re: Valid usernames but no password with Creds library Toni Ruottu (Jul 07)
- Re: Valid usernames but no password with Creds library Patrik Karlsson (Jul 07)