Nmap Development mailing list archives
Re: Authentication in SMB/MSRPC
From: Fyodor <fyodor () insecure org>
Date: Tue, 7 Oct 2008 12:46:10 -0700
On Tue, Oct 07, 2008 at 09:29:26AM -0500, Ron wrote:

> I don't believe Nessus will dig like that. But I know that some applications will attempt to find holes and use those holes to scan more deeply (Core Impact comes to mind, among others).

Metasploit does too.

> I don't think Nessus will even attempt bruteforce attacks, though,

Then they are missing out on an important attack vector (though one which is so intrusive that it shouldn't be a default in Nmap) except maybe in certain extremely trivial forms.

> At the same time, I don't think anybody wants to turn Nmap into an exploitation tool, so we sort of have to draw the line somewhere. I was thinking of adding bruteforce because other Nmap scripts do the same. Which just made me think -- if one of the other bruteforce scripts is successful (telnet, pop3, snmp, etc), should it store the credentials in the registry? It seems like you can line up scripts pretty nicely like that, "if script A or B finds SNMP credentials, then script C will use those credentials to walk the SNMP tree and display the information."

Yeah, we had been talking about doing that in our weekly SoC NSE meetings we had this summer.

> Of course, that's getting pretty intrusive, which is probably the core issue here -- how intrusive is "too intrusive"?

Given that the brute force scripts are by their nature non-default and very intrusive, I'm not sure that using discovered credentials for further exploration would be escalating the intrusiveness too much. But it is a hard call. If the authentication-requiring scripts won't use discovered credentials by default, we should at least provide the option.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
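The registry hand-off Ron and Fyodor discuss above (script A or B stores credentials, script C picks them up, with an explicit option for the user) sketched as an NSE script. This is an added example, not code from the thread or from Nmap itself: it relies on the real NSE globals `nmap.registry` and `SCRIPT_NAME` and the `stdnse`/`shortport` libraries, but the registry key `creds`, the helper `store_credential`, and the `.username`/`.password` script-arg names are hypothetical. It deliberately only reports which stored credentials would be reused; it does no authentication itself.

```lua
-- Added example, not part of the original thread or of Nmap. Shows how one
-- NSE script can leave credentials in nmap.registry for another to reuse,
-- and how a script-arg provides the explicit "option" Fyodor asks for.
-- Assumed/hypothetical: the registry key "creds", store_credential(), and
-- the script-arg names below. nmap.registry and SCRIPT_NAME are real NSE globals.
local nmap = require "nmap"
local stdnse = require "stdnse"
local shortport = require "shortport"

description = [[
Reports credentials that an earlier script stored in nmap.registry for
this host, or credentials given explicitly via script-args. Does not
authenticate; it only shows what a later authenticated script would use.
]]

categories = {"discovery", "safe"}

portrule = shortport.port_or_service(445, "microsoft-ds")

-- Hypothetical helper that a successful brute-force script ("script A or B")
-- would call. Credentials are kept per target address so that results for
-- one host are never replayed against another.
function store_credential(host, username, password)
  nmap.registry.creds = nmap.registry.creds or {}
  nmap.registry.creds[host.ip] = nmap.registry.creds[host.ip] or {}
  table.insert(nmap.registry.creds[host.ip], {user = username, pass = password})
end

-- What "script C" does: explicit script-args win (the user opted in),
-- otherwise fall back to whatever the registry already holds for this host,
-- otherwise report nothing.
function lookup_credentials(host)
  local user = stdnse.get_script_args(SCRIPT_NAME .. ".username")
  local pass = stdnse.get_script_args(SCRIPT_NAME .. ".password")
  if user then
    return {{user = user, pass = pass or "", source = "script-args"}}
  end
  local found = nmap.registry.creds and nmap.registry.creds[host.ip]
  if not found or #found == 0 then
    return nil
  end
  local out = {}
  for _, c in ipairs(found) do
    out[#out + 1] = {user = c.user, pass = c.pass, source = "registry"}
  end
  return out
end

action = function(host, port)
  local creds = lookup_credentials(host)
  if not creds then
    return "No credentials available (none in registry, none in script-args)"
  end
  -- Only usernames and provenance are printed; passwords stay out of output.
  local lines = {}
  for _, c in ipairs(creds) do
    lines[#lines + 1] = string.format("would authenticate as %s (from %s)",
                                      c.user, c.source)
  end
  return stdnse.format_output(true, lines)
end
```

The per-host keying in `store_credential` is the part worth copying: a flat, host-independent table would quietly make every later script try one host's credentials on all others, which is exactly the escalation in intrusiveness the thread is worried about. Keeping the script-arg path as the default source also gives the "at least provide the option" behaviour without making registry reuse automatic.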
Current thread:
- Authentication in SMB/MSRPC Ron (Oct 06)
- Re: Authentication in SMB/MSRPC David Fifield (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Fyodor (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Fyodor (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC Ron (Oct 07)
- Re: Authentication in SMB/MSRPC David Fifield (Oct 07)