Re: nse crypto

[Toni Ruottu <toni.ruottu () iki fi>]

Seems to work. Thanks for the fix!

On Sun, Mar 13, 2011 at 1:51 AM, Patrik Karlsson <patrik () cqure net> wrote:
> Thanks Toni. I've committed a fix in r22561.
>
> //Patrik
>
> Den 2011-03-13 00.39 skrev Toni Ruottu <toni.ruottu () iki fi>:
>
> > Debug output tells me:
> > NSE: Trying <empty> against 127.0.0.1:9929
> >
> > but the result ends up stating:
> > 9929/tcp open  nping-echo syn-ack
> > | nping-brute:
> > |   Accounts
> > |      => Login correct
> > |   Statistics
> > |_    Perfomed 10 guesses in 10 seconds, average tps: 1
> >
> > You can run an nping server with empty password by commanding:
> > nping --es ""
> > Nping ships with nmap. So you should have it, if you have installed a
> > relatively new nmap on your system.
> >
> > On Sat, Mar 12, 2011 at 6:32 PM, Patrik Karlsson <patrik () cqure net> wrote:
> > > Den 2011-03-12 16.56 skrev Toni Ruottu <toni.ruottu () iki fi>:
> > >
> > > > Here is a new version that uses the brute library. I did not notice
> > > > any speed ups, but using the library seems a good idea anyway, as it
> > > > makes this work similarly to other scripts.
> > > >
> > > > Should the library replace an empty password with <empty> when it is
> > > > reporting results? I though I should not do that, as the library could
> > > > define a standard way for doing such things.
> > >
> > > The library should replace an empty password with <empty>. In case it
> > > doesn't this is a bug.
> > > I don't have a nping server setup myself to test this though.
> > > I've tested the script against the IP below and it works for me.
> > > I get roughly one try per second.
> > >
> > > > On Fri, Mar 11, 2011 at 10:25 PM, David Fifield <david () bamsoftware com>
> > > > wrote:
> > > > > On Fri, Mar 11, 2011 at 02:29:39AM +0200, Toni Ruottu wrote:
> > > > > > I got the script written using openssl. In the end the crypto was
> > > > > > surprisingly manageable, compared to dealing with IPv6 addresses. :-)
> > > > > >
> > > > > > I have attached the script to this email. I am running an instance of
> > > > > > nping echo server with password 12345 at 174.129.239.201 Feel free to
> > > > > > test the script against it by commanding
> > > > > >
> > > > > > nmap 174.129.239.201 -p 9929 --script=nping-brute
> > > > > >
> > > > > > Trying out passwords is somewhat slow, so testing with really easy
> > > > > > ones may be a good idea. Add -d -d to the command line to see
> > > > > > progress.
> > > > >
> > > > > I tried it. It found the correct password after three guesses in 6
> > > > > seconds. It seems to do about 1 guess per second on another server.
> > > > >
> > > > > I think the way to speed it up is to use the brute.lua library. See
> > > > > Patrik Karlsson's brute scripts for examples of using it.
> > > > >
> > > > > David Fifield
> > > > _______________________________________________
> > > > Sent through the nmap-dev mailing list
> > > > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > > > Archived at http://seclists.org/nmap-dev/
> > >
> > > //Patrik
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/