Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Question about unpwdb filter_iterator

From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 17 Apr 2015 15:40:37 -0500
(Replied yesterday and forgot to CC the list)

Phil,

I checked, and we have no scripts that currently use
unpwdb.filter_iterator(). I'd guess nobody thought through the implications
of its current behavior. What it does is not really filter, but rather
transforms each invalid entry to nil. This makes it really impossible to
tell when the iterator is done, since a nil return is supposed to be a
signal that the iterator is done. I've just pushed a change to fix this; in
the meantime, you can use this function instead of unpwdb.filter_iterator():

function filter_iterator (iterator, filter)
  return function (command)
    if command == "reset" then
      iterator "reset"
    else
      local val = iterator(command)
      while val and not filter(val) do
        val = iterator(command)
      end
      return val
    end
  end
end

(I realize now that it's still over-complicated, since the reset case
should return nil, but this is what I came up with at the moment, and it's
still correct.)

Dan

On Thu, Apr 16, 2015 at 5:51 PM, Phil <mainframed767 () gmail com> wrote:


I’m writing a few scripts for mainframe activities and they have some
really interesting rules for usernames/password.

I’m working on a brute force script and for now want to limit usernames to
only contain characters/numbers and be less than or equal to eight chars in
length.

Should be easy:

local valid_name = function(x)
        local patt = "[%w]"
        return (string.len(x) <= 8 and string.match(x,patt))
end

later in action = function( host, port ) I put this:

local users = unpwdb.filter_iterator(brute.usernames_iterator(),valid_name)


And in my usernames.lst file I have 7 users:

root
admin
administrator
webadmin
sysadmin
netadmin
test

Now, what I expected to happen is that it would iterate through root,
admin, webadmin, sysadmin, netadmin and test. In reality, filter_iterator
returns root and admin, then nil and my script ends after only testing
those two users.

Am I doing something wrong? Am I misunderstanding how filter_iterator
works? For now I’m working around it by placing a check in the login
function for brute but I don’t think thats the right way to do it.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: