Nmap Development mailing list archives

Re: [NSE] Request for feedback on account status reported by *-brute scripts


From: Djalal Harouni <tixxdz () opendz org>
Date: Mon, 12 Sep 2011 15:28:37 +0100

On Sun, Sep 11, 2011 at 04:18:49PM -0500, Tom Sellers wrote:
> On 9/11/2011 1:40 PM, Patrik Karlsson wrote:
>> Hi Tom,
>>
>> I'm traveling at the moment and haven't had time to look at your changes. One thing came to mind though, in regard
>> to locked accounts: in Oracle, if an account is locked the server will respond with account locked, regardless of
>> whether the password is correct or not. This would make the change from "account locked" to "valid credentials,
>> account locked" inaccurate. I'm not sure whether there are more services that behave this way among the changed
>> ones.
>>
>> Cheers,
>> Patrik
>>
>> Sent from my iPhone
>
> Thanks for pointing that out, Patrik. I am about to commit the changes to 'creds.lua' for this effort and I have
> made the following adjustments to address the issue you brought up:
>
> 1. Left the response text for State.Valid and State.Locked as the original strings.
> 2. Added two new values: State.Locked_Valid & State.Disabled_Valid

Tom, 'State.DISABLED_VALID' was not defined. I've made a simple change to
avoid NSE fatal errors, commit 26460.

Thanks

-- 
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

