Nmap Development mailing list archives

User Enumeration Bug in smtp-enum-users.nse


From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Sun, 20 Feb 2011 08:21:45 +0200

There is a bug in the smtp-enum-users.nse script that forces the
script to stop enumerating over usernames when the first unknown user
is queried via the RCPT TO method. This is due to the script not
looking for the 550 "User Unknown" response in RCPT TO queries plus
having a catch-all "else" statement when examining the status codes.
The following patch fixes the bug:

61,62c61
<       INVALID = 4,
<       UNKNOWN = 5
---
      INVALID = 4
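Review bot: this patch is in normal (non-unified) diff format with the new script on the left (`<`) side and the current one on the right, and the lines after `---` have lost their `>` prefix, so `patch` cannot apply it as posted; please regenerate it as `svn diff` or `diff -u old new` against the current smtp-enum-users.nse so the `UNKNOWN = 5` addition to STATUS_CODES applies cleanly.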
292,294d290
<       elseif string.match(response, "^550") then
<               -- 550 User Unknown
<               return STATUS_CODES.UNKNOWN
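Review bot: `^550` is the generic permanent-failure reply code rather than a dedicated "user unknown" code, so this new `elseif` should be placed where it does not shadow any existing, more specific 5xx match in the function; consider also checking the reply text (for example for "unknown" or "not exist") before classifying the address as unknown, so other 550 causes are not misreported as non-existent users.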
400c396
<                       elseif status == STATUS_CODES.INVALID then
---
                      else -- STATUS_CODES.INVALID
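Review bot: replacing the catch-all `else` with `elseif status == STATUS_CODES.INVALID` means any status that is neither of the earlier cases nor INVALID, including the new UNKNOWN, now falls through this if-chain unhandled; if the intent is that unknown users are simply skipped so enumeration continues, state that in a comment, and consider keeping a final `else` that reports an unexpected status instead of silently ignoring it.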

--
 - Josh
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

