Nmap Development mailing list archives

Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 10 Nov 2011 23:25:53 +0100

On Thu, Nov 10, 2011 at 10:36 AM, Vlatko Kosturjak <kost () linux hr> wrote:

> On Thu, Nov 10, 2011 at 08:23:34AM +0100, Patrik Karlsson wrote:
> > Thanks Kost!
> >
> > I'll check your scripts out later today!
> > In regards to Nessus NTP I believe I was seeing that the account could
> > not be reliably detected in case the dictionary was big and the brute
> > ran with multiple threads for a while. I'll see if I can find that out
> > for you and let you know.
>
> Great, and thanks!
>
> I would like to investigate that behaviour since I did not experience it
> with the Perl script and NSE.
>
> BTW, since you're the NSE master ;) is there any way to force https
> directly from the script when using http.post? That would mitigate the
> current problem I mentioned, but I'm not sure if that's the long term
> solution for this or for any other script.
>
> Thanks!
> --
> Vlatko Kosturjak - KoSt


Hi Kost,

I've tested, modified and committed two scripts so far.
I experienced the same problem with the openvas-otp-brute script that I saw
with Nessus. If you let it run for a while, it will fail due to "To many
retries, aborted ..."
These are the scripts and changes I committed:

* openvas-otp-brute (r27058)
- Changed to single thread due to "To many retries, aborted ..." when
multiple threads are in use
- Fixed silent require of SSL library
* metasploit-xmlrpc-brute (r27059)
- Guess password only, the username is always msf
- Stop after finding the first (and only) password
- Reliably detect whether SSL is to be used or not
- Fixed silent require of SSL library
- Removed 4 thread limit and removed thread argument

I need to install some more services and do some more testing before I
commit the remaining scripts.
Thanks for the contribution so far!

//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/