Re: Question about unpwdb filter_iterator

[Phil <mainframed767 () gmail com>]

Hey Dan, 

I just downloaded and compiled the latest nmap and will confirm that your change fixed the issue:

NSE: [node-brute 10.10.0.21:23] Checking: root
NSE: [node-brute 10.10.0.21:23] Checking: admin
NSE: [node-brute 10.10.0.21:23] Checking: administrator
NSE: [node-brute 10.10.0.21:23] Checking: webadmin

Usually the script would die at administrator, thanks for the fix!



> On Apr 16, 2015, at 8:28 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
>
> Phil,
>
> I checked, and we have no scripts that currently use unpwdb.filter_iterator(). I'd guess nobody thought through the 
> implications of its current behavior. What it does is not really filter, but rather transforms each invalid entry to 
> nil. This makes it really impossible to tell when the iterator is done, since a nil return is supposed to be a signal 
> that the iterator is done. I've just pushed a change to fix this; in the meantime, you can use this function instead 
> of unpwdb.filter_iterator():
>
> function filter_iterator (iterator, filter)
>   return function (command)
>     if command == "reset" then
>       iterator "reset"
>     else
>       local val = iterator(command)
>       while val and not filter(val) do
>         val = iterator(command)
>       end
>       return val
>     end
>   end
> end
>
> (I realize now that it's still over-complicated, since the reset case should return nil, but this is what I came up 
> with at the moment, and it's still correct.)
>
> Dan
>
> On Thu, Apr 16, 2015 at 5:51 PM, Phil <mainframed767 () gmail com <mailto:mainframed767 () gmail com>> wrote:
> I’m writing a few scripts for mainframe activities and they have some really interesting rules for usernames/password.
>
> I’m working on a brute force script and for now want to limit usernames to only contain characters/numbers and be 
> less than or equal to eight chars in length.
>
> Should be easy:
>
> local valid_name = function(x)
>         local patt = "[%w]"
>         return (string.len(x) <= 8 and string.match(x,patt))
> end
>
> later in action = function( host, port ) I put this:
>
> local users = unpwdb.filter_iterator(brute.usernames_iterator(),valid_name)
>
>
> And in my usernames.lst file I have 7 users:
>
> root
> admin
> administrator
> webadmin
> sysadmin
> netadmin
> test
>
> Now, what I expected to happen is that it would iterate through root, admin, webadmin, sysadmin, netadmin and test. 
> In reality, filter_iterator returns root and admin, then nil and my script ends after only testing those two users.
>
> Am I doing something wrong? Am I misunderstanding how filter_iterator works? For now I’m working around it by placing 
> a check in the login function for brute but I don’t think thats the right way to do it.
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev <https://nmap.org/mailman/listinfo/dev>
> Archived at http://seclists.org/nmap-dev/ <http://seclists.org/nmap-dev/>

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/