Nmap Development mailing list archives
RE: [NSELIB/NSE] Updates SMB/MSRPC scripts
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Sun, 5 Oct 2008 11:43:17 +0100
Hi Ron, According to the online documentation here: http://technet.microsoft.com/en-us/library/cc736566.aspx Maximum password age This security setting determines the period of time (in days) that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the Minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days. There's also similar info for Windows Server 2008 at: http://technet.microsoft.com/en-us/library/cc264456.aspx I think it might be safe to assume that anything outside of the range 0-999 is a bogus value for the maximum password age. Similarly, the minimum password age should be 0-998 and less than the specified maximum password age. Rob
-----Original Message----- From: Ron [mailto:ron () skullsecurity net] Sent: 05 October 2008 00:43 Cc: nmap-dev Subject: Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Fyodor wrote:On Sat, Oct 04, 2008 at 09:38:18PM +0100, jah wrote: Nice! Thanks for testing. It is exciting to get a script like this! It might be nice to make the output a bit more compact though. For example, instead of: | |_ Min password length: 0 characters | |_ Max password age: 42 days | |_ Min password age: 0 days | |_ Lockout threshold: 0 login attempts | |_ Lockout duration: 30 minutes | |_ Lockout window: 30 minutes Maybe it could be two lines, such as: | |_ Password min-length: 0; min-age: 0 days; max-age: 42 days | |_ Account lockout threshold: 0 attempts; duration: 30 min;window: 30 minOr maybe it could be even smarter and note that Account lockout is disabled (I assume that is what a threshold of 0 means). I don't want this to delay inclusion of the scripts or anything, but it would still be nice to think of what can be done to reduce the number of lines printed. We need to be careful not to let Nmapoutputget too bloated. Cheers, -FA quick question for anybody with an opinion: Windows is kind of odd, and, even when a max age isn't specified, it still returns something: | |_ Max password age: 10675199 days I'm not sure exactly where that number comes from, but how do you think I should handle it? I could check if the age is greater than 10,000,000 days, or I could just compare it to 100,000 days (I don't think anybody will care if passwords expire in >250 years). Or, I can just display that the password will expire in 10 million days and let the user figure out what that means (that's what I'm doing right now). Any thoughts on this? _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts, (continued)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts David Fifield (Oct 03)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Ron (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts David Fifield (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts jah (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Fyodor (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts David Fifield (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Ron (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Ron (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Fyodor (Oct 04)
- RE: [NSELIB/NSE] Updates SMB/MSRPC scripts Aaron Leininger (Oct 04)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Ron (Oct 04)
- RE: [NSELIB/NSE] Updates SMB/MSRPC scripts Rob Nicholls (Oct 05)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts David Fifield (Oct 03)
- Re: [NSELIB/NSE] Updates SMB/MSRPC scripts Ron (Oct 04)