Nmap Development mailing list archives

Re: [NSE] Multi-threaded telnet-brute

From: nnposter () users sourceforge net
Date: Mon, 19 Aug 2013 21:12:30 +0000

David Fifield wrote:

These are the results I saw running against Linux telnetd.

2223/tcp open telnet syn-ack Linux telnetd
| telnet-brute:
| Accounts
| No valid accounts found
| Statistics
| Performed 73 guesses in 114 seconds, average tps: 0
|
|_ ERROR: Too many retries, aborted ...


I believe that the error you have encountered occurs only when the limit set by brute.retries is reached, which in turn 
indicates either somewhat unresponsive target or packet loss on the network. Options to try would be to increase 
brute.retries and/or telnet-brute.timeout.

Unfortunately I was not able to reproduce it in my environment without getting more information. I would be happy to 
take a look at your output with debug level 
3 in case I am missing something.

Unrelated, I have changed the code a little to speed up the guessing. The following result is against an ancient 4x400 
MHz clunker with 10 threads:

23/tcp open  telnet syn-ack Linux telnetd
| telnet-brute:
|   Accounts
|     No valid accounts found
|   Statistics
|_    Performed 2930 guesses in 901 seconds, average tps: 3


Please review and commit the patch against revision 31927 below.


Cheers,
nnposter


--- telnet-brute.nse.orig       2013-08-19 12:04:17.609375000 -0600
+++ telnet-brute.nse    2013-08-19 12:07:32.265625000 -0600
@@ -321,7 +321,7 @@
 
 
 ---
--- Set the calling thread up as one of the worker threads
+-- Set up the calling thread as one of the worker threads
 --
 -- @param self Target object
 Target.methods.worker = function (self)
@@ -373,7 +373,6 @@
 --
 -- @param self Target object
 -- @param inuse Whether the worker is in use (true or false)
---              (INIT, EXEC, PARK)
 -- @return inuse
 Target.methods.inuse = function (self, inuse)
        self.workers[coroutine.running()].inuse = inuse
@@ -476,6 +475,10 @@
 -- @return nil if the operation was successful; error code otherwise
 Driver.methods.disconnect = function (self)
        assert(self.conn, "Attempt to disconnect non-existing connection")
+       if self.conn.isopen and not self.conn.error then
+               -- try to reach new login prompt
+               self:prompt()
+       end
        self.conn = nil
        return self.target:detach()
 end

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] Multi-threaded telnet-brute nnposter (Aug 06)
- Re: [NSE] Multi-threaded telnet-brute David Fifield (Aug 15)
  - Re: [NSE] Multi-threaded telnet-brute nnposter (Aug 19)
    - Re: [NSE] Multi-threaded telnet-brute David Fifield (Aug 30)