Re: [NSELIB/NSE] Updates SMB/MSRPC scripts

[Ron <ron () skullsecurity net>]

Fyodor wrote:
> On Sat, Oct 04, 2008 at 09:38:18PM +0100, jah wrote:
>
> Nice!  Thanks for testing.  It is exciting to get a script like this!
> It might be nice to make the output a bit more compact though.  For
> example, instead of:
>
> |   |_ Min password length: 0 characters
> |   |_ Max password age: 42 days
> |   |_ Min password age: 0 days
> |   |_ Lockout threshold: 0 login attempts
> |   |_ Lockout duration: 30 minutes
> |   |_ Lockout window: 30 minutes
>
> Maybe it could be two lines, such as:
>
> |   |_ Password min-length: 0; min-age: 0 days; max-age: 42 days
> |   |_ Account lockout threshold: 0 attempts; duration: 30 min; window: 30 min
>
> Or maybe it could be even smarter and note that Account lockout is
> disabled (I assume that is what a threshold of 0 means).
>
> I don't want this to delay inclusion of the scripts or anything, but
> it would still be nice to think of what can be done to reduce the
> number of lines printed.  We need to be careful not to let Nmap output
> get too bloated.
>
> Cheers,
> -F

A quick question for anybody with an opinion: Windows is kind of odd,
and, even when a max age isn't specified, it still returns something:
|   |_ Max password age: 10675199 days

I'm not sure exactly where that number comes from, but how do you think
I should handle it? I could check if the age is greater than 10,000,000
days, or I could just compare it to 100,000 days (I don't think anybody
will care if passwords expire in >250 years). Or, I can just display
that the password will expire in 10 million days and let the user figure
out what that means (that's what I'm doing right now).

Any thoughts on this?

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org