Nmap Development mailing list archives
Wai Tuck's GSOC status report #14 of 17
From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Tue, 15 Aug 2017 09:35:07 +0000
After a long struggle, I have finally completed the smb-smbloris script, but it suffers from quite a number of limitations, which I will be discussing with George later!

Accomplishments
- Completed smb-smbloris, but it suffers from a disappearing sockets problem that I hope to discuss with my mentor!
- Finished the first iteration for pwdprofiling - I have augmented unpwdb.lua to allow scripts to add words and even phrases to the database (which can be used for bruteforcing both passwords and usernames later). The words are filtered for common meaningless English words (e.g. the, a) and the remaining unique words will become candidates for usernames/passwords later on in the scan, allowing the brute scripts to use information from scanning one host (e.g. the Workgroup name of a Windows host) as potential username/password candidates for a different host (e.g. one running Linux). I have tested the library with improvements to ssh-brute and smb-os-discovery and it is working well :)

Priorities
- Discuss with mentor about smbloris script
- Implement specificity options for use of information collected by password profiling scripts (e.g. per host basis, per subnet basis)
- Look through scripts and augment candidate scripts with the same capabilities for password profiling (i.e. scripts that collect information)
- Work on password mangling library

That's it for now!

Wai Tuck