Nmap Development mailing list archives
Re: backorifice-brute NSE script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 4 May 2011 16:52:34 +0300
Cracking the BO password should actually be doable by really brute forcing it. I remember I was doing it for fakebo a long time ago. Take a look for ideas at: http://fakebo.cvs.sourceforge.net/viewvc/fakebo/fakebo-cvs/fakebo.c?revision=1.1.1.1&view=markup from line 1022 (it's from a time when GCC did not have proper optimization, so you had to use a lot of if()s).
Without looking at this, there is some cheap computational cracking you could do, IF you had an encrypted packet. Snort does this for bypassing BO traffic. However, you cannot get an encrypted packet without knowing the password/seed, or wiretapping. I assume nmap is not the best tool for a wiretapping password detector, but I could be wrong.
Regarding what info the script should display, IMHO it should display only the basics: version info and the eventual password, as I would take a real client and connect for any further work anyway. I only see usefulness in extracting a bunch of data if that data would be stored in the Nmap registry and reused by some other scripts. Again, it's my personal opinion and doesn't mean that it is correct...
I think this is not the question Gorjan is asking. As the script uses the brute library, it will probably use the standard brute library output style. However, I do think that recording version information makes sense. The only reason why you would want to avoid this is if you somehow happened to have better version information from somewhere else. I think this would never be the case with backorifice-brute. Also, additional info will be displayed by backorifice-info, which already exists. You can choose to run the brute script alone if you want to avoid additional information.

Another question is whether or not this should go into the version category, if it records version information. I think the answer is no, because brute forcing the seed is a heavy duty operation, and not something you would want to happen during a regular service scan.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/