Nmap Development mailing list archives
Re: [NSE] Request for feedback on account status reported by *-brute scripts
From: Patrik Karlsson <patrik () labb1 com>
Date: Sun, 11 Sep 2011 20:40:39 +0200
Hi Tom, I'm traveling at the moment and haven't had time to look at your changes. One think came to mind though, in regard to locked accounts; In oracle, if an account is locked the server will respond with account locked, regardless of whether the password is correct or not. This would make the change from "account locked" to "valid credentials, account locked" inaccurate. I'm not sure whether there are more services that behave this way among the changed ones. Cheers, Patrik Sent from my iPhone On 11 sep 2011, at 14:24, Tom Sellers <nmap () fadedcode net> wrote:
On 9/9/2011 7:54 PM, Tom Sellers wrote:All, I would like to standardize on the following strings when reporting account status from the account brute force attack NSE scripts: Invalid credentials Valid credentials Valid credentials, account locked Valid credentials, account disabled Valid credentials, account expired Valid credentials, account cannot log in at current time Valid credentials, account cannot log in from current host Valid credentials, password must be changed at next logon If there are no objections I will make the changes to the scripts. I will only change the values where the new text makes contextual sense. This is a short term goal. My longer term goal will be to add support to each of the scripts for the creds library or convert them to Patrik's wicked useful brute library which has support for creds.The changes mentioned above have been implemented for most scripts. In the case of some of the scripts only the example text was updated as they used the 'creds' library which handles the strings internally. There are a few scripts that I did not adjust because either the changes did not make sense in context or it would be easier to just migrate them to the 'creds' library. This change WILL affect anyone who was programmatically parsing the scripts' results. When the process is complete, however, it should make that effort easier. Tom _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Request for feedback on account status reported by *-brute scripts Tom Sellers (Sep 09)
- Re: [NSE] Request for feedback on account status reported by *-brute scripts Patrik Karlsson (Sep 10)
- Re: [NSE] Request for feedback on account status reported by *-brute scripts Tom Sellers (Sep 11)
- Re: [NSE] Request for feedback on account status reported by *-brute scripts Patrik Karlsson (Sep 11)
- Re: [NSE] Request for feedback on account status reported by *-brute scripts Tom Sellers (Sep 11)
- Re: [NSE] Request for feedback on account status reported by *-brute scripts Djalal Harouni (Sep 12)
- Re: [NSE] Request for feedback on account status reported by *-brute scripts Patrik Karlsson (Sep 11)