Nmap Development mailing list archives
Re: http-barracuda-dir-traversal.nse
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 9 Jun 2011 11:11:05 +0300
I understood we had a user credential database for scripts to record the passwords they find. It was created, so brute scripts would not need to duplicate that functionality. Has the credential database been applied to trunk, or is it still being discussed? On Wed, Jun 8, 2011 at 7:50 PM, Michael Lubinski <michael.lubinski () gmail com> wrote:
Worth referring to an old link about this topic; http://seclists.org/fulldisclosure/2010/Oct/11<http://seclists.org/fulldisclosure/2010/Oct/119> 9 <http://seclists.org/fulldisclosure/2010/Oct/119> I would say still relevant though, Ive seen barracuda passwords match the domain admin password in the past. On Wed, Jun 8, 2011 at 11:01 AM, Gutek <ange.gutek () gmail com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 08/06/2011 06:00, Brendan Coles a écrit : There's tonnes of information available in theBarracuda config files, including plaintext passwords for all mailaccounts.The configuration files often contain hundreds (if not thousands) of user accounts so I've left this information out for now.(script not tested yet) So, maybe it would be useful to report if such accounts are present, and how many ? that way the nmap user would be aware of this critical info and could investigate further. Thanks for this script, A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEUEARECAAYFAk3vnOwACgkQ3aDTTO0ha7ivDgCfX2ej9Ux/IKZF8aMRB9AT8RYp HAMAljTDsfhww+AiXnJ3XcxBRKsDlOI= =jnfg -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-barracuda-dir-traversal.nse Brendan Coles (Jun 07)
- Re: http-barracuda-dir-traversal.nse Gutek (Jun 08)
- Re: http-barracuda-dir-traversal.nse Michael Lubinski (Jun 08)
- Re: http-barracuda-dir-traversal.nse Toni Ruottu (Jun 09)
- Re: http-barracuda-dir-traversal.nse Patrik Karlsson (Jun 09)
- Re: http-barracuda-dir-traversal.nse Brendan Coles (Jun 09)
- Re: http-barracuda-dir-traversal.nse David Fifield (Jun 14)
- Re: http-barracuda-dir-traversal.nse Brendan Coles (Jun 14)
- Re: http-barracuda-dir-traversal.nse Paulino Calderon (Jun 28)
- Re: http-barracuda-dir-traversal.nse Michael Lubinski (Jun 08)
- Re: http-barracuda-dir-traversal.nse Gutek (Jun 08)
- Re: http-barracuda-dir-traversal.nse Fyodor (Jun 14)
- Re: http-barracuda-dir-traversal.nse Patrik Karlsson (Jun 19)
- Re: http-barracuda-dir-traversal.nse Toni Ruottu (Jun 19)
- Re: http-barracuda-dir-traversal.nse Djalal Harouni (Jun 20)
- Re: creds-summary David Fifield (Jun 20)