Nmap Development mailing list archives

Re: ftp brute using brute lib

From: David Fifield <david () bamsoftware com>
Date: Mon, 14 May 2012 13:47:14 -0700

On Mon, May 14, 2012 at 09:07:41PM +0200, Patrik Karlsson wrote:

On Sun, May 13, 2012 at 5:51 PM, Aleksandar Nikolic
<nikolic.alek () gmail com>wrote:

I've made those changes.
See the attached script.


Hi Aleksander,

I tested your script and noticed two things:
1. The throughput could be further improved by lowering the socket timeout
to a value below the timeout value for incorrect login attempts. In my
quick tests I noticed a 4x speed increase will still giving me stable
results.
2. When an unhandled response occurs the script would miss the username and
password that generated the bad response. I've changed the code so that
this combination is retried instead until the max count of retries at which
point the brute engine aborts.

I've attached a patch with the changes. If you feel comfortable with them,
feel free to commit the updated script.


I am in agreement with Patrik. Please commit this script when you can.

(But before you do, try and make sure that the file is saved with Unix
line endings, not CRLF Windows line endings.)

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

ftp brute using brute lib Aleksandar Nikolic (May 13)
- Re: ftp brute using brute lib Patrik Karlsson (May 13)
  - Re: ftp brute using brute lib Aleksandar Nikolic (May 13)
    - Re: ftp brute using brute lib Patrik Karlsson (May 14)
    - Re: ftp brute using brute lib David Fifield (May 14)
    - Re: ftp brute using brute lib Aleksandar Nikolic (May 14)