Nmap Development mailing list archives
Re: Some scripts for analyzing NetBus
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 13 Dec 2010 23:53:48 +0200
The scripts store a password in nmap.registry.netbuspassword. This won't work if more than one host with different passwords is scanned at the same time. You should make this indexed by IP address and port number.
I'll look into this.
If there's no password set on the server, the output of netbus-brute is:

    |_netbus-brute:

There should be some message to make clear that it's an empty or blank password.
It is indeed a blank password. I think trying to log in with "foo" (when the blank password is set) would cause an error, but I'd need to check to be sure. Is some other brute script reporting a blank? I could copy the message format to remain consistent.
Similarly netbus-auth-bypass fails to report if it was able to connect with a blank password:

    socket:send("Password;1;\r") --password: empty
    if buffer() ~= "Access;1" then
      return
    end
    socket:send("Password;1; \r") --password: space
    if buffer() == "Access;1" then
      return "Vulnerable"
    end

There should be an "else" on that second "if" that says, "Not vulnerable, but password is blank."
Oh, I thought it would be task of netbus-brute to figure that out. Maybe it makes sense to detect that here too. :-)
Wow, I tried running NetBus170 on a Fedora VM under WINE, and you're right. The "Screendump" button even gets a copy of the whole GNOME desktop.
One of the scripts messed up the server (which you warned about) so that every button brings up a dialog reading "Sorry, host is password protected." I think this was netbus-auth-bypass. I moved the script into the "intrusive" category because of this. Can you explain what circumstances cause the server to be locked out so it can be documented?
I think any failed authentication attempt will fail sessions for everyone, but I have to check how this behaves with blank passwords.

--Toni
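The two review points raised in this message (keying the stored password by IP address and port, and adding the missing "else" branch) are shown here as an added example; it is not code from the scripts under discussion. It is plain Lua with a local table standing in for nmap.registry, and the helper names, sample addresses, passwords and the "other" reply are constructed for illustration.

```lua
-- Local table standing in for nmap.registry (assumption: lets this run in plain Lua).
local registry = {}

-- Hypothetical helpers: one slot per target instead of a single
-- registry.netbuspassword shared by every host in the scan.
local function save_password(ip, port, password)
  registry.netbus = registry.netbus or {}
  registry.netbus[ip] = registry.netbus[ip] or {}
  registry.netbus[ip][port] = password
end

local function load_password(ip, port)
  local by_ip = registry.netbus and registry.netbus[ip]
  if by_ip then return by_ip[port] end
  return nil  -- nothing stored for this target; "" would mean a blank password
end

-- Hypothetical helper: decide the result from the replies to the two probes
-- in the quoted snippet (empty password first, then a single space).
local function classify(reply_to_empty, reply_to_space)
  if reply_to_empty ~= "Access;1" then
    return nil  -- same as the quoted code: nothing to report
  end
  if reply_to_space == "Access;1" then
    return "Vulnerable"
  else
    return "Not vulnerable, but password is blank."  -- the requested "else"
  end
end

-- Constructed targets (documentation addresses) and constructed passwords.
save_password("192.0.2.10", 12345, "alpha")
save_password("192.0.2.11", 12345, "")
assert(load_password("192.0.2.10", 12345) == "alpha")
assert(load_password("192.0.2.11", 12345) == "")     -- blank, but known
assert(load_password("192.0.2.12", 12345) == nil)    -- never scanned

-- "other" is a constructed placeholder for any reply that is not "Access;1".
assert(classify("Access;1", "Access;1") == "Vulnerable")
assert(classify("Access;1", "other") == "Not vulnerable, but password is blank.")
assert(classify("other", nil) == nil)
print("all checks passed")
```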