Nmap Development mailing list archives
Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 10 Nov 2011 23:25:53 +0100
On Thu, Nov 10, 2011 at 10:36 AM, Vlatko Kosturjak <kost () linux hr> wrote:
On Thu, Nov 10, 2011 at 08:23:34AM +0100, Patrik Karlsson wrote:

Thanks Kost! I'll check your scripts out later today! In regards to Nessus NTP I believe I was seeing that the account could not be reliably detected in case the dictionary was big and the brute ran with multiple threads for a while. I'll see if I can find that out for you and let you know.

Great and Thanks! I would like to investigate that behaviour since I did not experience it with the Perl script and NSE.

BTW Since you're the NSE master ;) is there any way to force https directly from the script when using http.post? That would mitigate the current problem I mentioned, but not sure if that's the long term solution for this or for any other script.

Thanks!
--
Vlatko Kosturjak - KoSt

Hi Kost,

I've tested, modified and committed two scripts so far. I experienced the same problem with the openvas-otp-brute script that I saw with Nessus. If you let it run for a while, it will fail due to "To many retries, aborted ..."

These are the scripts and changes I committed:

* openvas-otp-brute (r27058)
  - Changed to single thread due to "To many retries, aborted ..." when multiple threads are in use
  - Fixed silent require of SSL library

* metasploit-xmlrpc-brute (r27059)
  - Guess password only, the username is always msf
  - Stop after finding the first (and only) password
  - Reliably detect whether SSL is to be used or not
  - Fixed silent require of SSL library
  - Removed 4 thread limit and removed thread argument

I need to install some more services and do some more testing before I commit the remaining scripts. Thanks for the contribution so far!

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/