Nmap Development mailing list archives
Re: User Enumeration Bug in smtp-enum-users.nse
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 20 Feb 2011 21:53:28 +0100
On Feb 20, 2011, at 07:21 , Josh Amishav-Zlatin wrote:
There is a bug in the smtp-enum-users.nse script that forces the script to stop enumerating over usernames when the first unknown user is queried via the RCPT TO method. This is due to the script not looking for the 550 "User Unknown" response in RCPT TO queries plus having a catch all "else" statement when examining the status codes. The following patch fixes the bug: 61,62c61 < INVALID = 4, < UNKNOWN = 5 ---INVALID = 4292,294d290 < elseif string.match(response, "^550") then < -- 550 User Unknown < return STATUS_CODES.UNKNOWN 400c396 < elseif status == STATUS_CODES.INVALID then ---else -- STATUS_CODES.INVALID-- - Josh _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
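Review bot: the 550 branch in hunk 292,294 maps every reply that starts with 550 to STATUS_CODES.UNKNOWN, but servers also return 550 to RCPT TO for relay-denied and policy rejections, so a server that refuses all recipients would be recorded as "user unknown" for each name. Consider checking the reply text or the enhanced status code (5.1.1) before returning UNKNOWN, or at least extend the `-- 550 User Unknown` comment to say that any 550 is assumed to mean an unknown user. In hunk 400c396, narrowing the catch-all else to `elseif status == STATUS_CODES.INVALID` leaves no default branch in the visible lines, so please confirm the caller handles STATUS_CODES.UNKNOWN and any unexpected value explicitly. The diff also reads as reversed, with the new lines on the `<` side; a unified diff (diff -u old new) would be easier to apply and review.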
Thanks for the patch Josh! I've tested it and applied it as r22314. For reference, it's the same bug that was previously reported, but not yet addressed, by Yehuda Eisenstark: http://seclists.org/nmap-dev/2011/q1/511

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
Current thread:
- User Enumeration Bug in smtp-enum-users.nse Josh Amishav-Zlatin (Feb 19)
- Re: User Enumeration Bug in smtp-enum-users.nse Patrik Karlsson (Feb 20)