Nmap Development mailing list archives
Re: Updated SMB scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 24 Dec 2008 19:34:52 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/24/2008 03:06 PM, Ron wrote:
On a somewhat tangential topic (but, while I still have your attention :) ), I'm working on a bruteforce script for SMB that I didn't include in the latest update. I started using unpwdb which I think was written by you, but it has some limitations. For instance, I want to be able to collect usernames as I go along (especially from boxes that let me pull a list of users either before or after finding a login), and prioritize commonly found usernames/passwords as I go along (ie, when a password is discovered, it's moved to the top of the list). It'd also be useful to use the collected usernames/passwords for other bruteforcing (like after finding a list of usernames for a Windows server over SMB, use those when bruteforcing a pop3 later). Right now I'm storing them in the registry and using them for my own scripts, but it might be good to make it more generic. Any thoughts on if unpwdb can be extended for that kind of thing?
I don't see why not, though my Lua is already incredibly rusty since I'm using Ruby more and more (Metasploit) while not doing any NSE stuff. These seem like good ideas so if nobody wants to take this I may find some time to mess around and get it going.
Ron
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJJUuM0AAoJEEQxgFs5kUfukE8QAIoWcam5Ufd9tUFv7B+txNrM WVcLBpnuZlqpu8LMvu9XVqZXUkYPMA2WP31TRrKIBPU4H4yl37CIH6TwhrwV4PoM DmZ4bnG9SU4I9LkSQEf9UUQrl59ktYNXY0N7dzxefe9eDUgHw3RRH8mAjGZ2q2p1 2rvcae/RHeMquEj/eqi2K/q8okR+mykD5ozkZ26p747mo3vVueiELOH8BmTdImo3 P2fQGcn+tK3DW9KQ5o/3i9HECMHp0srQpUl4ByQjHlJPATbbsaOdHUe1VkU1/eMf S+sd8ghdNQWIlW8WtJZ3GnGYJ9GabGFZqrPkzbU/AiyHGr8gu6ed8krpgjVh6cj2 QfqkTtVuc0PQ1z03tsY4No74/aEXp8EM4ceZ9pMl9HujW7nDDWvBG6wc8BL89CIa g+XGWij7DoCc0tKACTSlkugDBb5QZqcN0yj/unCFJlGmApvQnJeJLZRN1cQPv2QB VHhfXaw3TCNcRcdD67RwOca/1GolDbYvRn610RQ5/QUrR/YLEY7cOLviQGdHYK3I UOPYohy/fTgRUT2H14G+XfdY1sd9S2q56kcUWUXtsNxCOzEiUEb1FS1AtWIBiFia 5SO+OhiI1WTZIgaLelcVZqu0LtycdM7AnixNng+BXzXB4DXOVJrX8PSwpJcaFA5L bcwFNgqMPE1x/Dq9gMFt =gyCY -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Updated SMB scripts Ron (Dec 23)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Ron (Dec 24)
- Re: Updated SMB scripts Kris Katterjohn (Dec 24)
- Re: Updated SMB scripts Ron (Dec 28)
- Re: Updated SMB scripts David Fifield (Dec 28)
- Re: Updated SMB scripts David Fifield (Dec 29)
- Re: Updated SMB scripts Ron (Dec 29)
- Re: Updated SMB scripts jah (Dec 29)