Nmap Development mailing list archives
Re: pop3-brute.nse (I think)
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 8 Apr 2010 21:21:20 +0000
On Thu, 08 Apr 2010 16:14:24 -0500 Daniel Miller <bonsaiviking () gmail com> wrote:
> Not really a problem, but an optimization, I think. While trying out
> --script '*', I noticed that my test target was responding that the
> method of authentication being used on port 995 was unacceptable. This
> is on Ubuntu 9.10, running Dovecot. Here's the conversation according
> to Wireshark:
>
> S: +OK Dovecot ready.
> C: USER root
> S: -ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
>
> This goes on and on. Might be best to just give up if getting this
> error, but I don't know how general that solution would be.
>
> Dan
I have some code that uses the output of the pop3-capabilities script
to figure out if SSL is required or not. I suppose that logic could be
adapted to pop3-brute and pop3-capabilities be made a dependency for
brute.

The logic is roughly:

If the service isn't already wrapped in SSL, if it doesn't present STLS
as a capability then you aren't secure. If it does present STLS but
also presents either "USER" or "SASL(PLAIN)" or "SASL(LOGIN)" it
doesn't require SSL but supports it. If it presents STLS but no login
ability then it requires SSL.

The Perl code is:

    # "pop3-capabilities"
    if ($ps_script eq 'pop3-capabilities') {

        # Make sure the service isn't SSL
        if ($ps_service !~ m/^ssl\//) {

            # Supports SSL/STARTTLS?
            if ($ps_data =~ m/STLS/) {
                # STLS is offered, but plaintext login works without it
                if (($ps_data =~ m/USER/) ||
                    ($ps_data =~ m/SASL\( [^\)]*(?:PLAIN|LOGIN) [^\)]*\)/x)) {
                    push @warning, {('name'=>'POP3WEAKAUTH',
                                     'severity'=>5,
                                     'text'=>'POP3 server on ' .
                                         $ps_port . ' supports ' .
                                         'plaintext authentication ' .
                                         'without enforcing SSL')};
                }
            }
            else {
                # No STLS at all, and plaintext login is accepted
                if (($ps_data =~ m/USER/) ||
                    ($ps_data =~ m/SASL\( [^\)]*(?:PLAIN|LOGIN) [^\)]*\)/x)) {
                    push @warning, {('name'=>'POP3WEAKAUTHNOSSL',
                                     'severity'=>7,
                                     'text'=>'POP3 server on ' .
                                         $ps_port . ' supports ' .
                                         'plaintext authentication ' .
                                         'but not SSL')};
                }
            }
        }
    }

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
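Added example, not part of the message above and not Nmap's code: the same decision rules in Python, generalized to parse a raw CAPA reply (RFC 2449) instead of pop3-capabilities script output, plus a check for the refusal Daniel quoted so a credential audit can stop early. The enum names, function names and sample replies are assumptions constructed for illustration.

```python
import re
from enum import Enum

class Pop3Auth(Enum):
    IMPLICIT_TLS = "service already wrapped in SSL/TLS"
    TLS_REQUIRED = "STLS offered, no plaintext login before it"
    PLAINTEXT_TLS_OPTIONAL = "plaintext login allowed, STLS optional"
    PLAINTEXT_NO_TLS = "plaintext login allowed, STLS not offered"
    NO_LOGIN_ADVERTISED = "neither STLS nor a plaintext login advertised"

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

def parse_capa(response):
    """Parse a raw CAPA reply (RFC 2449) into {TAG: [args]}; None if not +OK."""
    lines = response.splitlines()
    if not lines or not lines[0].startswith("+OK"):
        return None
    caps = {}
    for line in lines[1:]:
        if line == ".":          # terminator of the multi-line response
            break
        parts = line.split()
        if parts:
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return caps

def classify(caps, wrapped_in_ssl=False):
    """Apply the rules from the message to parsed capabilities."""
    if wrapped_in_ssl:
        return Pop3Auth.IMPLICIT_TLS
    plaintext = "USER" in caps or bool(PLAINTEXT_SASL & set(caps.get("SASL", [])))
    if "STLS" in caps:
        return Pop3Auth.PLAINTEXT_TLS_OPTIONAL if plaintext else Pop3Auth.TLS_REQUIRED
    # NO_LOGIN_ADVERTISED is an extra state, not one named in the message.
    return Pop3Auth.PLAINTEXT_NO_TLS if plaintext else Pop3Auth.NO_LOGIN_ADVERTISED

def refuses_plaintext(reply):
    """True for the Dovecot refusal quoted in the thread; wording is server-specific."""
    return bool(re.match(r"-ERR\b.*plaintext authentication disallowed", reply, re.I))

# Constructed sample replies, not captured from a real server.
CAPA_TLS_ONLY = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nSTLS\r\nSASL\r\n.\r\n"
CAPA_MIXED = "+OK\r\nUSER\r\nSTLS\r\nSASL PLAIN LOGIN\r\n.\r\n"
CAPA_CLEAR = "+OK\r\nTOP\r\nUSER\r\n.\r\n"

if __name__ == "__main__":
    for raw in (CAPA_TLS_ONLY, CAPA_MIXED, CAPA_CLEAR):
        print(classify(parse_capa(raw)).value)
```

PLAINTEXT_TLS_OPTIONAL and PLAINTEXT_NO_TLS correspond to the POP3WEAKAUTH and POP3WEAKAUTHNOSSL warnings in the Perl code; TLS_REQUIRED is the case where sending USER in the clear only produces the -ERR loop Daniel saw.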