Nmap Development mailing list archives

[NSE] Bruteforce telnet


From: "Eddie Bell" <ejlbell () gmail com>
Date: Sat, 30 Jun 2007 15:28:30 +0100

Hello everyone,

I've committed (and attached) a telnet bruteforce script. It tries a
selection of user/pass pairs comprising common logins and default
router credentials.  There are a total of 22 user/pass pairs, which
seems to be the best compromise between speed and coverage.

On a public telnet server:

Interesting ports on vtn1.victoria.tc.ca (199.60.222.3):
PORT   STATE SERVICE
23/tcp open  telnet
|_ bruteforce: guest - <blank>

On my home router using its default configuration:

Interesting ports on BThomehub.home (192.168.1.254):
PORT   STATE SERVICE
23/tcp open  telnet
|_ bruteforce: admin - admin

It takes a couple of minutes to run, as most telnet services only allow
1-3 attempts per connection and verification is delayed (to prevent
timing attacks?), although it will stop as soon as it finds valid
credentials.

Because this sort of script spends a long time waiting for input, the
ideal future project would be to incorporate select() into NSE and use
co-routines to brute force in parallel. Perhaps even create an nselib
framework to do this which can be used by a whole family of brute*.nse
scripts. For now, this one should whet our appetites :)

All testing appreciated

cheers
- eddie

Attachment: bruteTelnet.nse.gz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
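
Added example, not part of the original post or of the attached script: because most telnet services allow only 1-3 attempts per connection, a run through a credential list like the one described appears on the server as many short connections from one source, each with a few failed logins for different usernames. The Python below flags that pattern; the log format, field names, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real telnetd's output):
# <ISO time> telnetd conn=<id> src=<ip> user=<name> result=<OK|FAIL>
LINE = re.compile(r"(\S+) telnetd conn=(\d+) src=(\S+) user=(\S*) result=(OK|FAIL)")

def detect_sweeps(lines, window=timedelta(minutes=5), min_conns=4, min_users=4):
    """Return {src: summary} for sources that open many connections and try
    many distinct usernames inside one time window."""
    events = defaultdict(list)  # src -> [(time, conn, user, result)]
    for line in lines:
        m = LINE.match(line)
        if m:
            ts, conn, src, user, result = m.groups()
            events[src].append((datetime.fromisoformat(ts), conn, user, result))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            win = evs[start:end + 1]
            conns = {e[1] for e in win}
            users = {e[2] for e in win}
            if len(conns) >= min_conns and len(users) >= min_users:
                # A success during or after the sweep means that account is exposed.
                hit = next((e for e in evs[start:] if e[3] == "OK"), None)
                findings[src] = {"connections": len(conns), "users": len(users),
                                 "succeeded_as": hit[2] if hit else None}
                break
    return findings

# Constructed sample: one source walking a list two tries per connection,
# and one ordinary user who mistypes a password once.
SAMPLE = """
2007-06-30T15:00:00 telnetd conn=1 src=198.51.100.7 user=root result=FAIL
2007-06-30T15:00:10 telnetd conn=1 src=198.51.100.7 user=guest result=FAIL
2007-06-30T15:00:20 telnetd conn=2 src=198.51.100.7 user=user result=FAIL
2007-06-30T15:00:30 telnetd conn=2 src=198.51.100.7 user=cisco result=FAIL
2007-06-30T15:00:40 telnetd conn=3 src=198.51.100.7 user=support result=FAIL
2007-06-30T15:00:50 telnetd conn=3 src=198.51.100.7 user=test result=FAIL
2007-06-30T15:01:00 telnetd conn=4 src=198.51.100.7 user=operator result=FAIL
2007-06-30T15:01:10 telnetd conn=4 src=198.51.100.7 user=admin result=OK
2007-06-30T15:02:00 telnetd conn=9 src=192.0.2.20 user=alice result=FAIL
2007-06-30T15:02:15 telnetd conn=9 src=192.0.2.20 user=alice result=OK
"""
```

Calling `detect_sweeps(SAMPLE.splitlines())` reports only 198.51.100.7, together with the account that eventually logged in.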