Re: backorifice-info

[David Fifield <david () bamsoftware com>]

On Wed, Apr 20, 2011 at 04:41:15AM +0200, Gorjan Petrovski wrote:
> Hello,
>
> Thanks for the reply, the script is now much more readable :-)
> You will find the updated script attached to this mail and comments
> below the quoted reply.
>
> I've looked into writing a backorifice-brute script, which would
> actually initiate the backorifice-info script by identifying the
> service. The thing is that backorifice-brute would not search for the
> password to the service, instead it would search for the initial seed.
> This is because of the encryption algorithm: First, an initial seed is
> generated from the password and every next seed is generated from the
> initial seed and has no other correlation to the password. So in order
> to break the encryption, only an initial seed is necessary. The set of
> values for an initial seed is much smaller than the set of values for
> a password. That is why backorifice-brute will search for an inital
> seed and pass that to backorifice-info. I've modified backorifice-info
> to work with that initial seed if it has a value even though I haven't
> written backorifice-brute yet. You could wait until I write
> backorifice-brute, or add it now, it will work either way.

Thanks, Gorjan! I just added your script. Could you make another patch
that causes the script to call nmap.set_port_version to set the service
version and hostname?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/