Re: http-barracuda-dir-traversal.nse

[Brendan Coles <bcoles () gmail com>]

Version 0.2 is attached which implements the suggested changes.

A user count is provided, a reference to the full disclosure post was added
and error handling was improved.

Regards,

Brendan Coles
http://itsecuritysolutions.org


On Fri, Jun 10, 2011 at 6:48 AM, Patrik Karlsson <patrik () cqure net> wrote:

> I've sent a proposed solution, a library and a few sample scripts to the
> list.
> http://seclists.org/nmap-dev/2011/q2/504
>
> As I didn't get a single comment on it, I simply forgot about it.
> I think it's a good solution (obviously as I wrote and posted it), if you
> have the time to check it out and think so as well, I'm happy to commit it.
> Once committed, new scripts can make use of it and I can start changing
> the brute library to use it to.
>
> Cheers,
> //Patrik
>
> > I understood we had a user credential database for scripts to record
> > the passwords they find. It was created, so brute scripts would not
> > need to duplicate that functionality. Has the credential database been
> > applied to trunk, or is it still being discussed?
> >
> > On Wed, Jun 8, 2011 at 7:50 PM, Michael Lubinski
> > <michael.lubinski () gmail com> wrote:
> > > Worth referring to an old link about this topic;
> > >
> > > http://seclists.org/fulldisclosure/2010/Oct/11<
> http://seclists.org/fulldi
> > > sclosure/2010/Oct/119>
> > > 9 <http://seclists.org/fulldisclosure/2010/Oct/119>
> > >
> > > I would say still relevant though, Ive seen barracuda passwords match
> > > the
> > > domain admin password in the past.
> > >
> > > On Wed, Jun 8, 2011 at 11:01 AM, Gutek <ange.gutek () gmail com> wrote:
> > >
> > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > Hash: SHA1
> > > >
> > > > Le 08/06/2011 06:00, Brendan Coles a écrit :
> > > > There's tonnes of information available in the
> > > > > Barracuda config files, including plaintext passwords for all mail
> > > > accounts.
> > > > > The configuration files often contain hundreds (if not thousands) of
> > > > user
> > > > > accounts so I've left this information out for now.
> > > >
> > > > (script not tested yet)
> > > > So, maybe it would be useful to report if such accounts are present,
> > > > and
> > > > how many ? that way the nmap user would be aware of this critical info
> > > > and could investigate further.
> > > >
> > > > Thanks for this script,
> > > >
> > > > A.G.
> > > > -----BEGIN PGP SIGNATURE-----
> > > > Version: GnuPG v2.0.16 (GNU/Linux)
> > > > Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
> > > >
> > > > iEUEARECAAYFAk3vnOwACgkQ3aDTTO0ha7ivDgCfX2ej9Ux/IKZF8aMRB9AT8RYp
> > > > HAMAljTDsfhww+AiXnJ3XcxBRKsDlOI=
> > > > =jnfg
> > > > -----END PGP SIGNATURE-----
> > > > _______________________________________________
> > > > Sent through the nmap-dev mailing list
> > > > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > > > Archived at http://seclists.org/nmap-dev/
> > > _______________________________________________
> > > Sent through the nmap-dev mailing list
> > > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > > Archived at http://seclists.org/nmap-dev/
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
>
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://www.twitter.com/nevdull77

Attachment: http-barracuda-dir-traversal.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/