Nmap Development mailing list archives

Re: ftp brute using brute lib


From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 14 May 2012 21:07:41 +0200

On Sun, May 13, 2012 at 5:51 PM, Aleksandar Nikolic
<nikolic.alek () gmail com>wrote:

I've made those changes.
See the attached script.

On Sun, May 13, 2012 at 1:15 PM, Patrik Karlsson <patrik () cqure net> wrote:

On Sun, May 13, 2012 at 1:07 PM, Aleksandar Nikolic <
nikolic.alek () gmail com> wrote:

Hi all,


I needed to get to know the brute lib so I rewrote the ftp bruteforce
script using brute lib. It reuses the same code from ftp-brute.nse
modified to use brute lib.

In my tests it has proven to be a lot faster than the previous version.
For example:
|   Statistics
|_    Performed 510 guesses in 610 seconds, average tps: 0

Check it out, and let me know what I need to improve.

,
Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



Hi Aleksandar,

I had a quick look at it and I would suggest the following:
- Remove the check function in the Driver, it's no longer being used.
- Connect the socket in the connect method, otherwise you may end up
having trouble when the maximum number of open sockets is reached. What
happens is that the brute library has already pulled a user + password
combination from the queue when calling login, and if the socket blocks at
this point (doesn't move past connect) these credentials (being early in
the list) won't be guessed until the end, when sockets are starting to
close.
- Close the socket in the disconnect function, for the same reason as
already mentioned.

You can check out some of the recent brute scripts to see how to do this,
but essentially you create the socket as self.socket = nmap.new_socket()
and it will be accessible in the other methods as self.socket.

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77


Hi Aleksandar,

I tested your script and noticed two things:
1. The throughput could be further improved by lowering the socket timeout
to a value below the timeout value for incorrect login attempts. In my
quick tests I noticed a 4x speed increase while still giving me stable
results.
2. When an unhandled response occurs the script would miss the username and
password that generated the bad response. I've changed the code so that
this combination is retried instead, until the maximum number of retries
is reached, at which point the brute engine aborts.

I've attached a patch with the changes. If you feel comfortable with them,
feel free to commit the updated script.
Good work!
//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77

Attachment: ftp-brute.diff