Re: [NSE] Multi-threaded telnet-brute

[David Fifield <david () bamsoftware com>]

On Wed, Aug 07, 2013 at 01:55:30AM +0000, nnposter () users sourceforge net wrote:
> I have put together another revision of telnet-brute.nse with the
> objective of utilizing nselib/brute.lua.
>
> Notable features:
>
> - Multi-threaded (thanks to nselib/brute.lua)
>
> - Can automatically reduce number of threads if it senses that the
>   target supports less than what brute.lua wants to use. Without this
>   feature the script tends to bail out because brute.lua default of 10
>   threads is too much for a lot of telnet targets. This saves the user
>   the trouble of finding out how much the target can take before
>   launching the script.
>
> - Uses connection pooling for sending multiple login attempts across
>   the same connection. This significantly improves performance.
>
> - Supports password-only logins.

Thanks, I committed this new revision in r31834.

> I would very much appreciate if the community tested the script against
> additional target types. If you find the script does not work in your
> particular environment then please run it single-threaded (i.e.,
> --script-args brute.threads=1) and send me the full nmap output with
> debug level 3 (-ddd). Feel free to edit the output to replace the
> individual password characters but please do not alter the output
> otherwise.
>
> Any constructive feedback is very welcome.

These are the results I saw running against Linux telnetd.

2223/tcp open  telnet  syn-ack Linux telnetd
| telnet-brute:
|   Accounts
|     No valid accounts found
|   Statistics
|     Performed 73 guesses in 114 seconds, average tps: 0
|
|_ ERROR: Too many retries, aborted ...

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/