Nmap Development mailing list archives
ftp-brute script
From: David Fifield <david () bamsoftware com>
Date: Sun, 25 Jan 2009 23:13:33 -0700
On Thu, Jan 22, 2009 at 12:20:04AM +0100, Vlatko Kosturjak wrote:
David Fifield wrote:On Fri, Nov 07, 2008 at 07:41:58PM +0100, Vlatko Kosturjak wrote:xampp-default-auth => ftp-auth (I just modified xampp-default-auth to be more generic, it's just default FTP user/check anyway, not some "real" vuln... ). Changed script is in attachment.Thanks Vlatko. That's a good idea to give the script a more general name. As it is the script still only checks for an XAMPP vulnerability so I'll leave the name alone for now.In the meantime, I asked FX for approval to include FTP default passwords from his phenoelit dpl: http://www.phenoelit-us.org/dpl/ So, I have made new version of the script which is in attachment.
I committed your code improvements. I used the name ftp-brute.nse rather than ftp-auth.nse because this script acts much like our other brute scripts. I removed the nobody/e0e0e0e0 user name and password combination because a web search shows nothing related to FTP passwords. I do appreciate you taking the trouble to secure a password list. I left it out of this version of the script; I'll send you another message about that. What I would really like to have is some measurement of how often each auth combination is found, so that only the most likely credentials are tried. Otherwise the script can just get longer and slower as new passwords are added to it, and once a password is on, it can be hard to take it off again (like nobody/e0e0e0e0). David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: New script names Vlatko Kosturjak (Jan 21)
- ftp-brute script David Fifield (Jan 25)