Nmap Development mailing list archives
Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6
From: George Chatzisofroniou <sophron () latthi com>
Date: Mon, 20 Aug 2018 12:19:22 +0300
I personally favor the extension of current NSE functionality. Instead of iterating through the `known_apps` table, we can introduce an argument `--http-form-brute.app` that will assume the target installation. Extending `http-form-brute` to support a two-step login process would be a great addition that could work against other applications too. George On Sun, Aug 12, 2018 at 4:06 AM, Artur Kielak <kielaka () vp pl> wrote:
Hi George Thanks for feedback. Sorry for answering so late. CMS Made Simple after first request(post) return with specific cookies that are needed to second request (get) and then if we have response containing specific pattern then we could say that login is success. I tested http-form-brute for made simple but it works differently from http-cmsmadesimple-brute.nse. In second request (get) must add specific cookie and append to request(get) url key from first request(post). I thank that http-cmsmadesimple-brute.nse is rather transparent and faster that no need additional checking in loop for known_apps structure and iterate by generic patterns and has always two request to find proper credential. George what do you think about it ? Thanks Artur Kielak. W dniu 2018-04-19 12:13:54 użytkownik George Chatzisofroniou <sophron () latthi com> napisał:Hi Artur, On Tue, Apr 3, 2018 at 9:24 AM, Artur Kielak <kielaka () vp pl> wrote:I would like add new script for brute force discovery passwords and users in CMS Made Simple in version 2.2.6. This is my first plugin. Please for review.Isn't the http-form-brute script sufficient for brute-forcing Made Simple installations? George
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6 Artur Kielak (Aug 11)
- Re: Re: New script for brute-force discovery passwords and users in CMS Made Simple in version 2.2.6 George Chatzisofroniou (Aug 20)