Re: Updated SMB scripts

[Ron <ron () skullsecurity net>]

Kris Katterjohn wrote:
> On 12/24/2008 02:59 PM, Ron wrote:
>
> Yep, works like a charm now.  And I must say, good job with this!  I haven't
> been able to keep up with some things lately, but these are great now!
Awesome!

On a somewhat tangential topic (but, while I still have your attention
:) ), I'm working on a bruteforce script for SMB that I didn't include
in the latest update. I started using unpwdb which I think was written
by you, but it has some limitations. For instance, I want to be able to
collect usernames as I go along (especially from boxes that let me pull
a list of users either before or after finding a login), and prioritize
commonly found usernames/passwords as I go along (ie, when a password is
discovered, it's moved to the top of the list).

It'd also be useful to use the collected usernames/passwords for other
bruteforcing (like after finding a list of usernames for a Windows
server over SMB, use those when bruteforcing a pop3 later). Right now
I'm storing them in the registry and using them for my own scripts, but
it might be good to make it more generic.

Any thoughts on if unpwdb can be extended for that kind of thing?

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org