Nmap Development mailing list archives
Re: [NSE] metasploit-msgrpc-brute
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 29 Jun 2012 21:12:27 +0200
On Fri, Jun 29, 2012 at 10:53 AM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:
Hi all,

As was requested, I've written a new brute script for Metasploit's rpc service. The script has an encode function which "emulates" the way msgpack packs data. Packed data is sent to the service in the form of a POST request.

description = [[
Performs brute force username and password guessing against Metasploit msgrpc interface.
]]

---
-- @usage
-- nmap --script metasploit-msgrpc-brute -p 55553 <host>
--
-- This script uses brute library to perform password
-- guessing against Metasploit's msgrpc interface.
--
--
-- @output
-- PORT      STATE SERVICE REASON
-- 55553/tcp open  unknown syn-ack
-- | metasploit-msgrpc-brute:
-- |   Accounts
-- |     root:root - Valid credentials
-- |   Statistics
-- |_    Performed 10 guesses in 10 seconds, average tps: 1

Check the script, and tell me what you think. If everything is fine, I'll move it to the trunk tomorrow.

Aleksandar
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Hi Aleksandar,

Nice job implementing this new protocol and script. One thing, when you can't determine whether the login was successful or not, as in the following:

return false, brute.Error:new("Login didn't return a proper response")

it makes sense to set the retry field on the error returned by the login function (check other scripts for how it's done). This is a way to tell the engine that something was unexpected (timeout, or something else) and thereby doesn't consume the user/password pair that was tested. After a number of subsequent retries (10 per default I think) the engine will abort, alerting the user. This is useful when the service has gotten into some sort of condition where it can no longer service the requests (IP lockout or some sort of DoS condition). The benefit of this is that instead of finishing normally without any warning, potentially missing valid logins, the user is alerted of the fact that something failed.

Cheers,
Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
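The two messages above describe the script's design (a hand-rolled msgpack encoder feeding a POST request) and the one change Patrik asks for (marking an unreadable login reply as retryable). The following NSE script is an added example written for this page, not Aleksandar's script or Nmap's own code, showing both points together in a brute Driver. The endpoint path "/api/", the "binary/message-pack" content type, the ["auth.login", user, pass] call shape and the "token" / "error" keys used to classify the reply are assumptions that the thread does not state.

```lua
local brute     = require "brute"
local creds     = require "creds"
local http      = require "http"
local shortport = require "shortport"

-- Added example, not the script from this thread. Assumptions (not stated
-- on this page): the RPC endpoint path "/api/", the Content-Type
-- "binary/message-pack", the ["auth.login", user, pass] call shape and the
-- "token" / "error" keys used to classify the reply.

categories = {"brute", "intrusive"}
portrule = shortport.portnumber(55553)

-- Minimal msgpack packing for what the login call needs: strings and a
-- small array of strings. Arithmetic is used instead of bit operators so
-- the same code runs on older and current NSE Lua interpreters.
local function pack_str(s)
  local n = #s
  if n < 32 then
    return string.char(0xa0 + n) .. s          -- fixstr
  elseif n < 256 then
    return string.char(0xd9, n) .. s           -- str 8
  end
  return string.char(0xda, math.floor(n / 256), n % 256) .. s  -- str 16
end

local function pack_str_array(items)
  assert(#items < 16, "fixarray only covers up to 15 elements")
  local out = { string.char(0x90 + #items) }  -- fixarray header
  for _, v in ipairs(items) do out[#out + 1] = pack_str(v) end
  return table.concat(out)
end

-- Error that tells the brute engine to retry the same user/password pair
-- instead of counting it as a failed guess; after repeated retries the
-- engine aborts and warns the user.
local function retryable(msg)
  local err = brute.Error:new(msg)
  err:setRetry(true)
  return false, err
end

Driver = {
  new = function(self, host, port)
    local o = { host = host, port = port }
    setmetatable(o, self)
    self.__index = self
    return o
  end,

  -- Each login is one self-contained HTTP request, so there is no
  -- persistent connection to open or close.
  connect = function(self) return true end,
  disconnect = function(self) return true end,

  login = function(self, username, password)
    local body = pack_str_array({ "auth.login", username, password })
    local opts = { header = { ["Content-Type"] = "binary/message-pack" } }
    local resp = http.post(self.host, self.port, "/api/", opts, nil, body)

    -- No HTTP response at all (timeout, reset, wedged service): retry
    -- rather than silently burning the credential pair.
    if not resp or not resp.status or not resp.body then
      return retryable("No HTTP response to login request")
    end

    -- Assumed reply shapes: a successful login carries a session token,
    -- a rejected one carries an error key. Both are matched as packed
    -- msgpack strings inside the raw body.
    if resp.body:find(pack_str("token"), 1, true) then
      return true, brute.Account:new(username, password, creds.State.VALID)
    end
    if resp.body:find(pack_str("error"), 1, true) then
      return false, brute.Error:new("Incorrect password")
    end

    -- Anything else is the ambiguous case discussed in the thread: flag
    -- it as retryable instead of returning a plain error.
    return retryable("Login didn't return a proper response")
  end,
}

action = function(host, port)
  local engine = brute.Engine:new(Driver, host, port)
  engine.options.script_name = SCRIPT_NAME
  local _, result = engine:start()
  return result
end
```

The difference from the quoted line is only in the ambiguous branch: a plain brute.Error consumes the guess and the engine moves on, while an error with setRetry(true) makes the engine re-queue the pair and, once the retry limit is hit, stop with a warning instead of reporting a clean but possibly incomplete run.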
Current thread:
- [NSE] metasploit-msgrpc-brute Aleksandar Nikolic (Jun 29)
- Re: [NSE] metasploit-msgrpc-brute Patrik Karlsson (Jun 29)
- <Possible follow-ups>
- Re: [NSE] metasploit-msgrpc-brute HD Moore (Jun 29)
- Re: [NSE] metasploit-msgrpc-brute Patrik Karlsson (Jun 29)
- Re: [NSE] metasploit-msgrpc-brute Aleksandar Nikolic (Jun 29)
- Re: [NSE] metasploit-msgrpc-brute David Fifield (Jun 29)
- Re: [NSE] metasploit-msgrpc-brute Aleksandar Nikolic (Jun 30)
- Re: [NSE] metasploit-msgrpc-brute Patrik Karlsson (Jun 29)