Nmap Development mailing list archives
[NSE] xmpp-brute
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 21 Jul 2011 14:31:02 +0200
Hi list,

I've created another script that makes use of the new SASL library and the brute framework: xmpp-brute. xmpp-brute performs brute force password auditing against XMPP (jabber) servers. I've moved the core functionality to a library which the script makes use of. The library makes use of the initial tag parsing functionality created by Vasiliy Kulikov. It detects and supports encryption initiated through STARTTLS and has support for the PLAIN and DIGEST-MD5 authentication mechanisms.

By using a trivial socket pool in the XMPP brute driver (the same as in imap- and smtp-brute) the speed was increased considerably. Running against my virtualbox test environment I get roughly 1200tps, which is more than I expected.

Due to the parsing and buffered io, there's a small "ugliness" in the send function. When reading off the socket the library needs to be aware of the possible xml tags and how to interpret them. Depending on the tag received there may or may not be more data to read off the socket. As there is no linefeed or null byte to rely on as a terminator, we don't want to read past the end and risk a timeout. However, we don't want to leave anything unread either, as this will be read off the socket before any new data after our next send, getting us "out of sync". I've done my best to ensure this doesn't happen by browsing the RFCs and studying responses from a number of different servers and adding conditions for this. As an additional precaution I've also added a small loop in the send functions that, using a very low timeout, tries to read from the socket until it receives a timeout, before each send. If there's a better way of "flushing" the buffer, please let me know and I'll try to get rid of this code.

I'm attaching the script and the new library.

//Patrik
Attachment: xmpp-brute.nse
Attachment: xmpp.lua
-- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
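The exchange Patrik describes (stream header, feature detection, SASL PLAIN and DIGEST-MD5, and the "how much is left to read" decision) worked through in Python as an added example. This is not code from the attached xmpp.lua or xmpp-brute.nse, nor from the Nmap project; it runs offline against a constructed fake server whose stanzas, domain (example.com), account names and DIGEST-MD5 challenge are all made up for the demonstration. The fake server hands data back in small chunks so the client has to buffer and carry leftover bytes to the next read rather than discard them, which is the "out of sync" problem from the post.

```python
"""Client side of an XMPP (RFC 6120) SASL password-audit exchange, run offline
against a constructed fake server.  Added example; not code from xmpp.lua or
xmpp-brute.nse.  HOST, the stanzas below and the DIGEST-MD5 challenge are
constructed samples."""
import base64
import hashlib
import re
import uuid

HOST = "example.com"  # assumed target domain (constructed)
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Tag tokenizer: optional "?" or "/" prefix, qualified name, optional self-close.
_TAG = re.compile(r"<(\?|/)?([\w:.-]+)[^>]*?(/)?>", re.S)


def stanza_complete(buf):
    """Return the index just past the first complete unit in buf, or None if
    more bytes are needed.  No terminator exists on the wire, so the reader has
    to know which tags stand alone: a <stream:stream ...> header is complete by
    itself (its close only arrives at session end), <?xml ...?> is skipped, and
    any other element must be balanced or self-closing."""
    depth = 0
    for m in _TAG.finditer(buf):
        prefix, name, selfclose = m.groups()
        if prefix == "?":
            continue
        if prefix != "/" and (name == "stream:stream" or selfclose):
            if depth == 0:
                return m.end()
            continue
        depth += -1 if prefix == "/" else 1
        if depth == 0:
            return m.end()
    return None


class FakeServer:
    """Socket stand-in: each send() queues the next scripted reply and recv()
    returns it in small chunks, so the client must buffer across reads."""
    def __init__(self, replies, chunk=17):
        self.replies, self.inbound, self.chunk = list(replies), "", chunk

    def send(self, data):
        if self.replies:
            self.inbound += self.replies.pop(0)

    def recv(self):
        out, self.inbound = self.inbound[:self.chunk], self.inbound[self.chunk:]
        return out


def read_stanza(sock, buf):
    """Read until one complete unit is buffered; return (unit, leftover).
    The leftover is handed to the next call instead of being dropped."""
    while (end := stanza_complete(buf)) is None:
        chunk = sock.recv()
        if not chunk:
            raise EOFError("connection closed mid-stanza")
        buf += chunk
    return buf[:end], buf[end:]


def parse_features(stanza):
    """Detect STARTTLS and the offered SASL mechanisms in <stream:features>."""
    starttls = "<starttls " in stanza or "<starttls/" in stanza
    return starttls, re.findall(r"<mechanism>([^<]+)</mechanism>", stanza)


def sasl_plain(user, password):
    """RFC 4616 PLAIN: authzid NUL authcid NUL passwd, base64-encoded."""
    return base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode()).decode()


def parse_challenge(b64):
    """Split a base64 key=value[,key="value"] list (challenge or response)."""
    text = base64.b64decode(b64).decode()
    return {k: v for k, _, v in re.findall(r'([\w-]+)=("?)([^",]*)\2', text)}


def sasl_digest_md5(user, password, challenge_b64, cnonce=None):
    """RFC 2831 DIGEST-MD5 client response for qop=auth, algorithm=md5-sess."""
    c = parse_challenge(challenge_b64)
    realm, nonce = c.get("realm", HOST), c["nonce"]
    cnonce = cnonce or uuid.uuid4().hex
    nc, qop, uri = "00000001", "auth", "xmpp/" + HOST
    h = lambda s: hashlib.md5(s).digest()
    hx = lambda s: hashlib.md5(s).hexdigest()
    a1 = h(f"{user}:{realm}:{password}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}".encode()
    resp = hx(f"{hx(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{hx(a2)}".encode())
    fields = (f'username="{user}",realm="{realm}",nonce="{nonce}",cnonce="{cnonce}",'
              f'nc={nc},qop={qop},digest-uri="{uri}",response={resp},charset=utf-8')
    return base64.b64encode(fields.encode()).decode()


def try_login(sock, user, password, mech="PLAIN"):
    """One credential attempt: returns 'success', 'failure' or 'unsupported'.
    A real driver sends <starttls/> after the features, waits for <proceed/>
    and wraps the socket in TLS; this offline example skips that step."""
    sock.send(f"<?xml version='1.0'?><stream:stream to='{HOST}' xmlns='jabber:client' "
              "xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>")
    _, buf = read_stanza(sock, "")              # server's stream header
    features, buf = read_stanza(sock, buf)      # <stream:features>
    if mech not in parse_features(features)[1]:
        return "unsupported"
    initial = sasl_plain(user, password) if mech == "PLAIN" else ""
    sock.send(f"<auth xmlns='{SASL_NS}' mechanism='{mech}'>{initial}</auth>")
    while True:
        reply, buf = read_stanza(sock, buf)
        if reply.startswith("<challenge"):
            chal = re.search(r">([^<]*)<", reply).group(1)
            sock.send(f"<response xmlns='{SASL_NS}'>{sasl_digest_md5(user, password, chal)}</response>")
        elif reply.startswith("<success"):
            return "success"
        elif reply.startswith("<failure"):
            return "failure"
        else:
            raise ValueError("unexpected stanza: " + reply)


# Constructed server stanzas (not captured from any real server).
STREAM_HDR = ("<?xml version='1.0'?><stream:stream xmlns='jabber:client' "
              f"xmlns:stream='http://etherx.jabber.org/streams' id='c2s_1' from='{HOST}' version='1.0'>")
FEATURES = ("<stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
            f"<mechanisms xmlns='{SASL_NS}'><mechanism>PLAIN</mechanism>"
            "<mechanism>DIGEST-MD5</mechanism></mechanisms></stream:features>")
FAILURE = f"<failure xmlns='{SASL_NS}'><not-authorized/></failure>"
SUCCESS = f"<success xmlns='{SASL_NS}'/>"
CHALLENGE_B64 = base64.b64encode(
    b'realm="example.com",nonce="OA6MG9tEQGm2hh",qop="auth",charset=utf-8,algorithm=md5-sess').decode()
CHALLENGE = f"<challenge xmlns='{SASL_NS}'>{CHALLENGE_B64}</challenge>"

if __name__ == "__main__":
    print(try_login(FakeServer([STREAM_HDR + FEATURES, FAILURE]), "admin", "wrong"))
    print(try_login(FakeServer([STREAM_HDR + FEATURES, CHALLENGE, SUCCESS]), "admin", "secret", "DIGEST-MD5"))
```

The fake server accepts or rejects on script rather than by checking the password, so the two runs in the `__main__` block only exercise the client's parsing and state handling; against a live server the same `try_login` would be driven once per credential pair from a pooled connection, as the post describes.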
Current thread:
- [NSE] xmpp-brute Patrik Karlsson (Jul 21)
- Re: [NSE] xmpp-brute Patrik Karlsson (Jul 22)
- Re: [NSE] xmpp-brute Patrik Karlsson (Jul 25)
- Re: [NSE] xmpp-brute Vasiliy Kulikov (Jul 24)
- Re: [NSE] xmpp-brute Patrik Karlsson (Jul 22)