Evangelos Deirmentzoglou GSoC status report #14 of 17

[Evangelos Deirme <edeirme () gmail com>]

Hey everyone,

This is my report for the 14th week of GSoC 2017.

---Status Report #14 of 17---

14 August 2017

Accomplishments:

* Started development of MongoDB module.
* Developed the MongoDB-CR authentication mode. It requires a bit more
testing but overall it is complete.
* SCRAM-SHA-1 authentication mode is still under development. At the moment
the module sends to the server the clientNonce, receives the server's
response and extracts the data needed for the payload calculation.
* The module identifies the version of the MongoDB server. If the server is
below version 3 it will default to MongoDB-CR authentication and if the
MongoDB version is above version 3 it will default to SCRAM-SHA-1.
* The module requires a database to authenticate upon. By default, the
module will brute force the database 'admin' but a module argument can be
passed to specify another database name.

Priorities:

* Continue development of MongoDB module.
* Some MongoDB servers have no authentication at all. A packet to identify
whether the database has authentication or not should be sent before
starting the brute force attempts.
* Develop the Windows version of the MongoDB module.
* Solve bug, if any on the MSSQL module.
* Solve bug, if any on the WinRM module.


Thanks,

Evangelos Deirmentzoglou

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/