Nmap Development mailing list archives
Re: Bug in smtp-enum-users.nse
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 11 Feb 2011 08:27:25 +0100
On Feb 10, 2011, at 21:44 , Yehuda Eisenstark wrote:
> I am a complete newbie at NSE, so this may be completely off but, the smtp-enum-users.nse script contains the following code:
>
>     elseif string.match(response, "^502") or string.match(response, "^252") or string.match(response, "^550") then
>       -- The server doesn't implement the command or it is disallowed.
>       return STATUS_CODES.NOTPERMITTED
>
> Many SMTP servers return a "550 User Unknown" in response to a "RCPT TO" request with an unknown user. The script starts enumerating users via "RCPT TO" but stops at the first "550 User Unknown" response and then tries using VRFY and EXPN for that user. The script never goes back to enumerating the rest of the users in the username file via "RCPT TO". If VRFY and EXPN don't work the script sends a QUIT and stops.
>
> Why is that?
I'm not sure, but it's most likely a bug as it shouldn't be a problem to enumerate users given that error message. Also, I'm not sure why the script iterates over all available methods rather than sticking to one proven to work. When I run it the script finds the root account using RCPT TO and then aborts on the next account (as it receives the 550 error) after testing VRFY and EXPN too. If you're up to submitting a patch for this I think it would be most welcome.
> Thanks,
> Y
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
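The behaviour reported in this thread, as an added offline model in plain Lua (not code from smtp-enum-users.nse and not part of either message): it runs the same user list through the quoted branch and through a variant that treats 550 as a per-user answer. The mock server, the user names, the `250` success branch, the `UNKNOWN_USER` status and all function names are assumptions made for the illustration.

```lua
-- Added example: no network access, the "server" is the mock_reply function below.
local STATUS = { OK = 1, NOTPERMITTED = 2, UNKNOWN_USER = 3 }
local METHODS = { "RCPT", "VRFY", "EXPN" }
local VALID = { root = true, admin = true }   -- constructed mailbox list
local USERS = { "root", "nobody", "admin" }   -- constructed username file

-- Constructed server: answers RCPT TO per user, does not implement VRFY/EXPN.
local function mock_reply(method, user)
  if method ~= "RCPT" then return "502 5.5.1 Command not implemented" end
  return VALID[user] and "250 2.1.5 Ok" or "550 User Unknown"
end

-- Branch as quoted in the thread: 550 is grouped with 502 and 252.
local function classify_quoted(response)
  if string.match(response, "^250") then return STATUS.OK end   -- assumed success branch
  if string.match(response, "^502") or string.match(response, "^252")
     or string.match(response, "^550") then
    return STATUS.NOTPERMITTED
  end
  return STATUS.NOTPERMITTED
end

-- Variant: 550 says something about this user only, not about the command.
local function classify_per_user(response)
  if string.match(response, "^250") then return STATUS.OK end
  if string.match(response, "^550") then return STATUS.UNKNOWN_USER end
  return STATUS.NOTPERMITTED
end

-- Control flow as described in the thread: NOTPERMITTED moves on to the next
-- method for the same user and never returns to an earlier one; when no
-- method is left the session ends (QUIT).
local function enumerate(users, classify)
  local found, m = {}, 1
  for _, user in ipairs(users) do
    while true do
      local status = classify(mock_reply(METHODS[m], user))
      if status == STATUS.OK then found[#found + 1] = user; break end
      if status == STATUS.UNKNOWN_USER then break end
      m = m + 1
      if m > #METHODS then return found end
    end
  end
  return found
end

print("quoted branch:    " .. table.concat(enumerate(USERS, classify_quoted), ", "))
print("550 as per-user:  " .. table.concat(enumerate(USERS, classify_per_user), ", "))
```

With the quoted branch the run ends at the first unknown user, so the later valid name in the list is never tested; with the variant the RCPT TO pass covers the whole list.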