Nmap Development mailing list archives
User Enumeration Bug in smtp-enum-users.nse
From: Josh Amishav-Zlatin <jamuse () gmail com>
Date: Sun, 20 Feb 2011 08:21:45 +0200
There is a bug in the smtp-enum-users.nse script that forces the script to stop enumerating over usernames when the first unknown user is queried via the RCPT TO method. This is due to the script not looking for the 550 "User Unknown" response in RCPT TO queries plus having a catch all "else" statement when examining the status codes. The following patch fixes the bug: 61,62c61 < INVALID = 4, < UNKNOWN = 5 ---
INVALID = 4
292,294d290 < elseif string.match(response, "^550") then < -- 550 User Unknown < return STATUS_CODES.UNKNOWN 400c396 < elseif status == STATUS_CODES.INVALID then ---
else -- STATUS_CODES.INVALID
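Review bot: The diff direction is reversed relative to the description. In hunk 61,62c61 the "<" (first-file) side carries "UNKNOWN = 5", and in 292,294d290 the 550 check sits on the "<" side of a delete, so applying this with patch as posted would remove the fix rather than add it (it only applies with patch -R). Please regenerate with the original file as the first argument, preferably as a unified diff (diff -u) so the surrounding context shows where each change lands.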
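Review bot: In hunk 292,294d290 the pattern "^550" maps every 550 reply to STATUS_CODES.UNKNOWN, while the comment says only "User Unknown". RFC 5321 defines 550 as mailbox unavailable, which servers also return for access or policy rejections (for example a refused relay), so a 550 on RCPT TO does not always mean the account is absent. Suggest widening the comment to say so, and confirming that a server answering 550 to every recipient for policy reasons should be reported as "unknown" per name rather than as the method being unusable.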
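Review bot: In hunk 400c396 the explicit "elseif status == STATUS_CODES.INVALID then" leaves no visible branch for STATUS_CODES.UNKNOWN or for any status added later, so the intended "skip this name and keep going" behaviour is implicit. Suggest a short comment at this chain stating that UNKNOWN deliberately falls through to the next username, or a final else that logs an unexpected status, so the catch-all problem described in the message cannot quietly return in a different form.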
-- - Josh