Nmap Development mailing list archives

Re: backorifice-brute NSE script


From: Vlatko Kosturjak <kost () linux hr>
Date: Wed, 04 May 2011 15:22:48 +0200

On 05/03/2011 12:32 AM, Gorjan Petrovski wrote:
Hello,

I've been somewhat busy this weekend, and the result is a
backorifice-brute script that utilizes the brute library to guess
passwords against the BackOrifice service. The backorifice class
contains the basic functions for encryption and a try_password
function which sends an encrypted PING packet to the service and
checks whether the response is correct. This script is nearly
finished, since some things are still unclear to me:

Gorjan,

congrats on the nice script & work.

Cracking the BO password should actually be doable by really brute forcing
it. I remember I was doing it for fakebo a long time ago. Take a look for
ideas at:
http://fakebo.cvs.sourceforge.net/viewvc/fakebo/fakebo-cvs/fakebo.c?revision=1.1.1.1&view=markup
from line 1022 (it was a time when GCC did not have proper optimization, so
you had to use a lot of if()s).

Regarding what info the script should display, IMHO it should display only
the basics: version info and the eventual password, as I would take a real
client and connect for any further work anyway. I only see the usefulness of
extracting a bunch of data if that data would be stored in the Nmap registry
and reused by some other scripts. Again, it's my personal opinion and
doesn't mean that it is correct...

Kost
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/