Nmap Development mailing list archives
Re: backorifice-brute NSE script
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 9 May 2011 20:28:08 +0200
On May 3, 2011, at 4:40 AM, Daniel Miller wrote:
On Mon, May 2, 2011 at 9:13 PM, David Fifield <david () bamsoftware com> wrote:The found password is saved in nmap.registry.backorificepassword; what happens if the script is run against two hosts at once?This reminds me of an idea I had, but which I do not have plans of pursuing. With all the brute-* scripts and the unpwdb, could NSE support something like Metasploit's Creds table? Records consist of username, password, and service, where service a foreign-key relationship with a record defined by host, port, and protocol (more or less). This would make a common solution to questions like this, and would offer the opportunity for closer integration with Metasploit, perhaps through a postrule. Dan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
As promised, here's the library and a few scripts to demonstrate it's current capabilities. My initial thoughts was to create a library that would standardize the error/success messages generated by all brute scripts and to be able to dump all discovered credentials at the end of a scan using a postrule. I'm attaching the library in it's current state for feedback and for anyone to try out. Regards, Patrik
Attachment:
creds-test.nse
Description:
Attachment:
creds-test2.nse
Description:
Attachment:
creds-test3.nse
Description:
Attachment:
creds.lua
Description:
-- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- backorifice-brute NSE script Gorjan Petrovski (May 02)
- Re: backorifice-brute NSE script Patrick Donnelly (May 02)
- Re: backorifice-brute NSE script David Fifield (May 02)
- Re: backorifice-brute NSE script Daniel Miller (May 02)
- Re: backorifice-brute NSE script Patrik Karlsson (May 03)
- Re: backorifice-brute NSE script Patrik Karlsson (May 09)
- Re: backorifice-brute NSE script Gorjan Petrovski (May 04)
- Re: backorifice-brute NSE script David Fifield (May 02)
- Re: backorifice-brute NSE script Gorjan Petrovski (May 04)
- Re: backorifice-brute NSE script Patrick Donnelly (May 04)
- Re: backorifice-brute NSE script Gorjan Petrovski (May 04)
- Re: backorifice-brute NSE script Toni Ruottu (May 04)
- Re: backorifice-brute NSE script Patrick Donnelly (May 04)
- Re: backorifice-brute NSE script Gorjan Petrovski (May 05)
- Re: backorifice-brute NSE script Patrick Donnelly (May 02)
- Re: backorifice-brute NSE script Toni Ruottu (May 04)
- Re: backorifice-brute NSE script Gorjan Petrovski (May 05)