Nmap Development mailing list archives

Re: ftp brute using brute lib


From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 13 May 2012 13:15:34 +0200

On Sun, May 13, 2012 at 1:07 PM, Aleksandar Nikolic
<nikolic.alek () gmail com>wrote:

> Hi all,
>
> I needed to get to know the brute lib so I rewrote the ftp bruteforce
> script using brute lib. It reuses the same code from ftp-brute.nse
> modified to use brute lib.
>
> In my tests it has proven to be a lot faster than the previous version.
> For example:
> |   Statistics
> |_    Performed 510 guesses in 610 seconds, average tps: 0
>
> Check it out, and let me know what I need to improve.
>
> ,
> Aleksandar
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/



Hi Aleksandar,

I had a quick look at it and I would suggest the following:
- Remove the check function in the Driver, it's no longer being used
- Connect the socket in the connect method, otherwise you may end up having
trouble when the maximum open sockets is reached. What happens is that the
brute library has pulled a user + password combination from the queue when
calling login and if the socket blocks at this point (doesn't move past
connect) these credentials (being early in the list) won't be guessed until
the end, when sockets are starting to close.
- Close the socket in the disconnect function, for the same reason as
already mentioned.

You can check out some of the recent brute scripts to see how to do this,
but essentially you create the socket as self.socket = nmap.new_socket()
and it will be accessible in the other methods as self.socket.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
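The following is an added example, not Aleksandar's script, not Patrik's code and not the ftp-brute.nse that ships with Nmap. It is a minimal NSE brute Driver for FTP written to follow the three points above: no check function, the socket is created and connected in connect, and it is closed in disconnect. The FTP reply codes (220 greeting, 331 need password, 230 logged in, 530 login incorrect, 421 service not available) are standard; the read_reply helper, the error messages and the script name are this example's own assumptions.

```lua
-- Added example (not from the thread or from Nmap's ftp-brute.nse):
-- an NSE brute Driver for FTP following Patrik's three suggestions.
local brute     = require "brute"
local creds     = require "creds"
local nmap      = require "nmap"
local shortport = require "shortport"

description = [[
Performs password guessing against FTP using the brute library.
]]

categories = {"intrusive", "brute"}

portrule = shortport.port_or_service(21, "ftp")

-- Read one FTP reply and return its three-digit code. A multi-line reply
-- ("123-...") is consumed until the terminating "123 ..." line arrives.
local function read_reply(socket)
  while true do
    local status, data = socket:receive_lines(1)
    if not status then return false, data end
    for line in data:gmatch("[^\r\n]+") do
      local code = line:match("^(%d%d%d) ")
      if code then return true, code end
    end
  end
end

-- Note: no check() method; the engine no longer uses it.
Driver = {
  new = function(self, host, port)
    local o = { host = host, port = port }
    setmetatable(o, self)
    self.__index = self
    return o
  end,

  -- Create and connect the socket here, not in login: the engine only
  -- pulls a user/password pair from the queue once connect has succeeded,
  -- so a connect that blocks on the open-socket limit strands no guess.
  connect = function(self)
    self.socket = nmap.new_socket()
    self.socket:set_timeout(5000)
    local status, err = self.socket:connect(self.host, self.port)
    if not status then
      local e = brute.Error:new("Failed to connect: " .. tostring(err))
      e:setRetry(true)
      return false, e
    end
    local ok, code = read_reply(self.socket)   -- expect the 220 greeting
    if not ok or code ~= "220" then
      self.socket:close()
      local e = brute.Error:new("No FTP greeting (got " .. tostring(code) .. ")")
      e:setRetry(true)
      return false, e
    end
    return true
  end,

  login = function(self, username, password)
    local function fail(msg, retry)
      local e = brute.Error:new(msg)
      if retry then e:setRetry(true) end
      return false, e
    end

    if not self.socket:send(("USER %s\r\n"):format(username)) then
      return fail("Failed to send USER", true)
    end
    local ok, code = read_reply(self.socket)
    if not ok then return fail("No reply to USER", true) end
    if code == "230" then
      -- server accepted the user without any password
      return true, brute.Account:new(username, "", creds.State.VALID)
    elseif code ~= "331" then
      return fail("Unexpected reply to USER: " .. code, code == "421")
    end

    if not self.socket:send(("PASS %s\r\n"):format(password)) then
      return fail("Failed to send PASS", true)
    end
    ok, code = read_reply(self.socket)
    if not ok then return fail("No reply to PASS", true) end
    if code == "230" then
      return true, brute.Account:new(username, password, creds.State.VALID)
    elseif code == "530" then
      return fail("Incorrect password", false)
    end
    -- 421 (too many connections) or anything else: retry this guess
    -- rather than silently losing it
    return fail("Unexpected reply to PASS: " .. code, true)
  end,

  -- Close the socket here so the slot is freed as soon as the guess is
  -- done, for the same reason connect opens it.
  disconnect = function(self)
    if self.socket then
      self.socket:close()
      self.socket = nil
    end
  end,
}

action = function(host, port)
  local engine = brute.Engine:new(Driver, host, port)
  engine.options.script_name = SCRIPT_NAME
  local status, result = engine:start()
  return result
end
```

Saved under an assumed name such as ftp-brute-example.nse in the scripts directory, it runs with `nmap -p 21 --script ftp-brute-example <target>` and takes the usual brute library arguments (userdb, passdb, brute.threads). The point of the layout is the one Patrik makes: every guess the engine hands to login already has a live connection behind it, and every connection is released in disconnect, so early credentials in the list are never parked behind a socket that cannot open.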
