Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6

From: Artur Kielak <kielaka () vp pl>
Date: Sun, 12 Aug 2018 03:06:18 +0200
Hi George

Thanks for feedback. Sorry for answering so late.

CMS Made Simple after first request(post) return with specific cookies that are needed to second request (get) and then 
if we have response containing specific pattern then we could say that login is success.
I tested http-form-brute for made simple but it works differently from http-cmsmadesimple-brute.nse. In second request 
(get) must add specific cookie and append to request(get) url key from first request(post). I thank that 
http-cmsmadesimple-brute.nse is rather transparent and faster that no need additional checking in loop for known_apps 
structure and iterate by generic patterns and has always two request to find proper credential. George what do you 
think about it ?

Thanks Artur Kielak.



W dniu 2018-04-19 12:13:54 użytkownik George Chatzisofroniou <sophron () latthi com> napisał:

Hi Artur,

On Tue, Apr 3, 2018 at 9:24 AM, Artur Kielak <kielaka () vp pl> wrote:

I would like add new script for brute force discovery passwords and users in CMS Made Simple in version 2.2.6.
This is my first plugin. Please for review.


Isn't the http-form-brute script sufficient for brute-forcing Made
Simple installations?

George





_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: