Nmap Development mailing list archives

Re: [NSE] metasploit-msgrpc-brute


From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 29 Jun 2012 21:12:27 +0200

On Fri, Jun 29, 2012 at 10:53 AM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:

Hi all,

as was requested, I've written a new brute script for Metasploit's
rpc service.
The script has an encode function which "emulates" the way msgpack
packs data. Packed data is sent to the service in the form of a POST request.



description = [[
Performs brute force username and password guessing against
Metasploit msgrpc interface.

]]

---
-- @usage
-- nmap --script metasploit-msgrpc-brute -p 55553 <host>
--
-- This script uses the brute library to perform password
-- guessing against Metasploit's msgrpc interface.
--
--
-- @output
-- PORT      STATE SERVICE REASON
-- 55553/tcp open  unknown syn-ack
-- | metasploit-msgrpc-brute:
-- |   Accounts
-- |     root:root - Valid credentials
-- |   Statistics
-- |_    Performed 10 guesses in 10 seconds, average tps: 1


Check the script, and tell me what you think.
If everything is fine, I'll move it to the trunk tomorrow.

Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Hi Aleksandar,

Nice job implementing this new protocol and script.
One thing: when you can't determine whether the login was successful or not,
as in the following:
return false, brute.Error:new("Login didn't return a proper response")

It makes sense to set the retry field on the error returned by the login
function (check other scripts for how it's done).
This is a way to tell the engine that something was unexpected (timeout, or
something else) and thereby doesn't consume the user/password pair that was
tested. After a number of subsequent retries (10 by default, I think) the
engine will abort, alerting the user. This is useful when the service has
gotten into some sort of condition where it can no longer service the
requests (IP lockout or some sort of DoS condition). The benefit of this
is that instead of finishing normally without any warning, potentially
missing valid logins, the user is alerted to the fact that something failed.

Cheers,
Patrik

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
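The two technical points in this thread, Aleksandar's hand-rolled msgpack encoding of the POST body and Patrik's advice to mark uninterpretable replies as retryable, are shown together below in an added NSE example. This is illustration code written for this page, not Aleksandar's script and not Nmap's own code. The names pack_str, pack_str_array and Driver are mine. It assumes, since the page does not say, that msgrpc is reached by a POST to /api/ with Content-Type binary/message-pack, that the request is the msgpack array ["auth.login", user, pass], that a successful reply contains the msgpack string "success", and that any other reply carrying an HTTP status is a rejected guess.

```lua
-- Added example for this thread (not the posted script, not Nmap code):
-- a minimal msgpack encoder (strings and small arrays only) plus a brute
-- Driver whose login() flags replies it cannot interpret as retryable.
-- Wire-format details below are assumptions, see the lead-in.
local brute = require "brute"
local creds = require "creds"
local http = require "http"
local shortport = require "shortport"

description = [[
Example brute-force driver for Metasploit's msgrpc interface, illustrating
brute.Error:setRetry() for responses that cannot be interpreted.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"brute", "intrusive"}

portrule = shortport.port_or_service(55553, "metasploit-msgrpc")

-- Encode a Lua string as a msgpack fixstr (< 32 bytes), str 8 (< 256)
-- or str 16 (< 65536). Plain arithmetic instead of bitwise operators
-- keeps it portable across the Lua versions Nmap has shipped.
local function pack_str(s)
  local n = #s
  if n < 32 then
    return string.char(0xa0 + n) .. s
  elseif n < 256 then
    return string.char(0xd9, n) .. s
  elseif n < 65536 then
    return string.char(0xda, math.floor(n / 256), n % 256) .. s
  end
  error("pack_str: string longer than 65535 bytes")
end

-- Encode a list of up to 15 strings as a msgpack fixarray.
local function pack_str_array(list)
  assert(#list < 16, "pack_str_array: fixarray holds at most 15 elements")
  local parts = { string.char(0x90 + #list) }
  for _, s in ipairs(list) do
    parts[#parts + 1] = pack_str(s)
  end
  return table.concat(parts)
end

Driver = {
  new = function(self, host, port)
    local o = { host = host, port = port }
    setmetatable(o, self)
    self.__index = self
    return o
  end,

  -- Each guess is its own HTTP request, so there is no session to manage.
  connect = function(self) return true end,
  disconnect = function(self) return true end,

  login = function(self, username, password)
    -- Assumed request shape: msgpack array ["auth.login", user, pass].
    local body = pack_str_array({ "auth.login", username, password })
    local options = { header = { ["Content-Type"] = "binary/message-pack" } }
    local response = http.post(self.host, self.port, "/api/", options, nil, body)

    -- No usable HTTP reply: timeout, reset, or a service that has stopped
    -- answering (lockout, overload). Mark the error retryable so the engine
    -- re-queues this user/password pair instead of silently dropping it,
    -- and aborts with a warning once its retry limit is exhausted.
    if not response or not response.status or not response.body then
      local err = brute.Error:new("Login didn't return a proper response")
      err:setRetry(true)
      return false, err
    end

    -- Assumed success marker: the msgpack-encoded string "success" in the
    -- body. A plain substring search avoids needing a msgpack decoder.
    if response.status == 200 and response.body:find(pack_str("success"), 1, true) then
      return true, creds.Account:new(username, password, creds.State.VALID)
    end

    -- Any other reply with a status line is treated as a rejected guess
    -- (assumption); a non-retryable error consumes the pair as usual.
    return false, brute.Error:new("Incorrect password")
  end,
}

action = function(host, port)
  local engine = brute.Engine:new(Driver, host, port)
  engine.options.script_name = SCRIPT_NAME
  local status, result = engine:run()
  return result
end
```

The important distinction is the one Patrik draws: a reply that can be read as "wrong password" must return a plain brute.Error so the pair is consumed, while a missing or malformed reply returns an error with setRetry(true) so the engine re-tries the same pair and, if the failures persist, aborts and tells the user rather than finishing with a clean-looking but incomplete result.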

