Re: [nmap-svn] r24134 - in nmap: . nselib scripts
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Thu, 7 Jul 2011 00:21:18 +0200
These scripts are missing "require 'creds'", or I'm missing some important point? $ grep "creds\." $(grep "require.*creds" -L $(grep "creds" * -l)) domcon-brute.nse: return true, brute.Account:new( username, password, creds.State.VALID) dpap-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) http-brute.nse: return true, brute.Account:new( username, password, creds.State.VALID) http-form-brute.nse: return true, brute.Account:new( username, password, creds.State.VALID) informix-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) informix-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) iscsi-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) nping-brute.nse: return true, brute.Account:new("", password, creds.State.VALID) omp2-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) oracle-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) oracle-brute.nse: return true, brute.Account:new(username, password, creds.State.LOCKED) sip-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) svn-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) vnc-brute.nse: return true, brute.Account:new("", password, creds.State.VALID) On Sun, Jun 19, 2011 at 7:18 PM, <commit-mailer () insecure org> wrote:
Author: patrik Date: Sun Jun 19 10:18:29 2011 New Revision: 24134 Log: o [NSE] Added credential storage library (creds.lua) and modified the brute library and scripts to make use of it. [Patrik] Added: nmap/nselib/creds.lua Modified: nmap/CHANGELOG nmap/nselib/brute.lua nmap/scripts/backorifice-brute.nse nmap/scripts/domcon-brute.nse nmap/scripts/dpap-brute.nse nmap/scripts/http-brute.nse nmap/scripts/http-form-brute.nse nmap/scripts/informix-brute.nse nmap/scripts/iscsi-brute.nse nmap/scripts/nping-brute.nse nmap/scripts/omp2-brute.nse nmap/scripts/oracle-brute.nse nmap/scripts/sip-brute.nse nmap/scripts/svn-brute.nse nmap/scripts/vnc-brute.nse Modified: nmap/CHANGELOG ============================================================================== --- nmap/CHANGELOG (original) +++ nmap/CHANGELOG Sun Jun 19 10:18:29 2011 @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added credential storage library (creds.lua) and modified the brute + library and scripts to make use of it. [Patrik] + o [NSE] Added a MySQL audit script and a rulebase that supports auditing a subset of the MySQL CIS 1.0.2 Benchmark. [Patrik] Modified: nmap/nselib/brute.lua ============================================================================== --- nmap/nselib/brute.lua (original) +++ nmap/nselib/brute.lua Sun Jun 19 10:18:29 2011 @@ -164,7 +164,7 @@ -- by '/' -- --- Version 0.6 +-- Version 0.7 -- Created 06/12/2010 - v0.1 - created by Patrik Karlsson <patrik () cqure net> -- Revised 07/13/2010 - v0.2 - added connect, disconnect methods to Driver -- <patrik () cqure net> @@ -176,10 +176,12 @@ -- David's request. -- Revised 08/30/2010 - v0.6 - added support for custom iterators and did some -- needed cleanup. +-- Revised 06/19/2010 - v0.7 - added support for creds library module(... or "brute", package.seeall) require 'unpwdb' require 'datafiles' +require 'creds' -- Options that can be set through --script-args Options = { 
@@ -244,12 +246,9 @@ -- following <code>OPEN</code>, <code>LOCKED</code>, -- <code>DISABLED</code>. new = function(self, username, password, state) - local o = {} + local o = { username = username, password = password, state = state } setmetatable(o, self) self.__index = self - o.username = username - o.password = password - o.state = state return o end, @@ -258,27 +257,12 @@ -- @return string representation of object toString = function( self ) local creds - if ( #self.username > 0 ) then creds = ("%s:%s"):format( self.username, #self.password > 0 and self.password or "<empty>" ) else creds = ("%s"):format( ( self.password and #self.password > 0 ) and self.password or "<empty>" ) end - - -- An account have the following states - -- - -- OPEN - Login was successful - -- LOCKED - The account was locked - -- DISABLED - The account was disabled - if ( self.state == "OPEN" ) then - return ("%s => Login correct"):format( creds ) - elseif ( self.state == "LOCKED" ) then - return ("%s => Account locked"):format( creds ) - elseif ( self.state == "DISABLED" ) then - return ("%s => Account disabled"):format( creds ) - else - return ("%s => Account has unknown state (%s)"):format( creds, self.state ) - end + return ( "%s => %s"):format(creds, self.state.msg ) end, } @@ -290,11 +274,9 @@ retry = false, new = function(self, msg) - local o = {} + local o = { msg = msg, done = false } setmetatable(o, self) self.__index = self - o.msg = msg - o.done = false return o end, @@ -340,8 +322,7 @@ Engine = { STAT_INTERVAL = 20, - terminate_all = false, - + --- Creates a new Engine instance -- -- @param driver, the driver class that should be instantiated 
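Review bot: The rewritten `Account:toString` indexes `self.state.msg` unconditionally, while the `new` doc comment in the first hunk on this line still tells callers to pass `OPEN`, `LOCKED` or `DISABLED`; an Account built with one of those strings (any driver not touched by this commit) now hands nil to `format`, which raises, where the old code printed an "unknown state" line. Suggest keeping a fallback, `local msg = ( type(self.state) == "table" and self.state.msg ) or ("unknown state (%s)"):format( tostring(self.state) )` followed by `return ("%s => %s"):format( creds, msg )`, and pointing the `new` doc comment at `creds.State` instead of the string names. The Account table's other fields are outside this hunk.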
@@ -350,21 +331,23 @@ -- @param options table containing any script specific options -- @return o new Engine instance new = function(self, driver, host, port, options) - local o = {} + local o = { + driver = driver, + host = host, + port = port, + driver_options = options, + terminate_all = false, + error = nil, + counter = 0, + threads = {}, + tps = {}, + iterators = {}, + found_accounts = {}, + options = Options:new(), + } setmetatable(o, self) self.__index = self - o.driver = driver - o.driver_options = options - o.host = host - o.port = port - o.options = Options:new() - o.found_accounts = {} - o.threads = {} - o.counter = 0 - o.max_threads = tonumber(nmap.registry.args["brute.threads"]) or 10 - o.iterators = {} - o.error = nil - o.tps = {} + o.max_threads = stdnse.get_script_args("brute.threads") or 10 return o end, 
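Review bot: `o.max_threads = stdnse.get_script_args("brute.threads") or 10` drops the `tonumber()` that the removed line applied, so a non-numeric `brute.threads` value no longer falls back to 10 but is stored as-is and reaches `for i=1, self.max_threads` in `start`, where Lua raises `'for' limit must be a number`; a numeric value is kept as a string, which is fine for the loop limit but would raise in any plain comparison against a number elsewhere in the engine (not visible in this hunk). Keep the conversion: `o.max_threads = tonumber(stdnse.get_script_args("brute.threads")) or 10`. A short comment on the `terminate_all = false` field, e.g. `-- per-engine so two engines in one script no longer stop each other`, would record why it moved off the class table.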
@@ -509,31 +492,31 @@ return status, response end, - login = function(self, valid_accounts ) - - local condvar = nmap.condvar( valid_accounts ) + login = function(self, cvar ) + local condvar = nmap.condvar( cvar ) local thread_data = self.threads[coroutine.running()] local interval_start = os.time() while( true ) do -- Should we terminate all threads? - if ( Engine.terminate_all or thread_data.terminate ) then break end + if ( self.terminate_all or thread_data.terminate ) then break end local status, response = self:doAuthenticate() if ( status ) then -- Prevent locked accounts from appearing several times if ( not(self.found_accounts) or self.found_accounts[response.username] == nil ) then + creds.Credentials:new( self.options.script_name, self.host, self.port ):add(response.username, response.password, response.state ) + stdnse.print_debug("Discovered account: %s", response:toString()) - table.insert( valid_accounts, response:toString() ) self.found_accounts[response.username] = true -- Check if firstonly option was set, if so abort all threads - if ( self.options.firstonly ) then Engine.terminate_all = true end + if ( self.options.firstonly ) then self.terminate_all = true end end else if ( response and response:isAbort() ) then - Engine.terminate_all = true + self.terminate_all = true self.error = response:getMessage() break elseif( response and response:isDone() ) then @@ -559,7 +542,7 @@ -- if delay was speciefied, do sleep if ( self.options.delay > 0 ) then stdnse.sleep( self.options.delay ) end end - condvar("broadcast") + condvar "broadcast" end, --- Starts the brute-force 
@@ -568,8 +551,11 @@ -- @return err string containing error message on failure start = function(self) - local result, valid_accounts, stats = {}, {}, {} - local condvar = nmap.condvar( valid_accounts ) + local result, cvar, stats = {}, {}, {} + local condvar = nmap.condvar( cvar ) + + assert(self.options.script_name, "SCRIPT_NAME was not set in options.script_name") + assert(self.port.number and self.port.protocol and self.port.service, "Invalid port table detected") -- Only run the check method if it exist. We should phase this out -- in favor of a check in the action function of the script @@ -629,16 +615,18 @@ -- Startup all worker threads for i=1, self.max_threads do - local co = stdnse.new_thread( self.login, self, valid_accounts ) + local co = stdnse.new_thread( self.login, self, cvar ) self.threads[co] = {} self.threads[co].running = true end -- wait for all threads to finnish running - while self:threadCount()>0 do condvar("wait") end + while self:threadCount()>0 do condvar "wait" end + + local valid_accounts = creds.Credentials:new(self.options.script_name, self.host, self.port):getTable() -- Did we find any accounts, if so, do formatting - if ( #valid_accounts > 0 ) then + if ( valid_accounts and #valid_accounts > 0 ) then valid_accounts.name = "Accounts" table.insert( result, valid_accounts ) else @@ -661,7 +649,7 @@ -- Did any error occure? If so add this to the result. if ( self.error ) then - result = result .. (" \n\n ERROR: %s"):format( self.error ) + result = result .. (" \n ERROR: %s"):format( self.error ) return false, result end return true, result Added: nmap/nselib/creds.lua ============================================================================== --- (empty file) +++ nmap/nselib/creds.lua Sun Jun 19 10:18:29 2011 
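Review bot: `start` now hard-fails on `assert(self.options.script_name, "SCRIPT_NAME was not set in options.script_name")`, and the only way to satisfy it is the `engine.options.script_name = SCRIPT_NAME` line this commit adds by hand to every brute script, yet neither the `Engine` doc nor the `Options` table (its hunk ends at the `Options = {` line above) documents the requirement. Suggest a line in the `Options` doc such as `-- script_name: must be set to SCRIPT_NAME by the calling script; Engine:start() asserts on it and creds.lua uses it to tag stored credentials`, and, since the assert fires inside the script's action, returning `false, "script_name not set in engine.options"` instead so a script that forgets it yields a readable result rather than a stack trace. The body of `start` continues outside these hunks.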
@@ -0,0 +1,210 @@
+--- The credential class stores found credentials in the Nmap registry
+--
+--
+-- @author "Patrik Karlsson <patrik () cqure net>"
+-- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
+
+-- Version 0.1
+-- Created 2011/02/06 - v0.1 - created by Patrik Karlsson <patrik () cqure net>
+module(... or "creds", package.seeall)
+
+require('ipOps')
+
+-- Table containing the different account states
+State = {
+ LOCKED = { msg = 'Account is locked' },
+ VALID = { msg = 'Account is valid' },
+ DISABLED = { msg = 'Account is disabled' },
+ CHANGEPW = { msg = 'Password needs to be changed at next logon' },
+}
+
+ALL_DATA = "all_script_data"
+
+-- The RegStorage class
+RegStorage = {
+
+ --- Creates a new RegStorage instance
+ --
+ -- @return a new instance
+ new = function(self)
+ local o = {}
+ setmetatable(o, self)
+ self.__index = self
+ o.filter = {}
+ return o
+ end,
+
+ --- Add credentials to storage
+ --
+ -- @param scriptname the name of the script adding the credentials
+ -- @param host host table, name or ip
+ -- @param port number containing the port of the service
+ -- @param service the name of the service
+ -- @param user the name of the user
+ -- @param pass the password of the user
+ -- @param state of the account
+ add = function( self, scriptname, host, port, service, user, pass, state )
+ local cred = {
+ scriptname = scriptname,
+ host = host,
+ port = port,
+ service = service,
+ user = user,
+ pass = pass,
+ state = state
+ }
+ nmap.registry.creds = nmap.registry.creds or {}
+ table.insert( nmap.registry.creds, cred )
+ end,
+
+ --- Sets the storage filter
+ --
+ -- @param host table containing the host
+ -- @param port table containign the port
+ setFilter = function( self, host, port )
+ self.filter.host = host
+ self.filter.port = port
+ end,
+
+ --- Retrieves the table containing all credential records
+ --
+ -- @return table containing all credential records
+ getAll = function( self )
+ local tbl = nmap.registry.creds
+ local new_tbl = {}
+ local host, port = self.filter.host, self.filter.port
+
+ if ( not(tbl) ) then return end
+
+ for _, v in pairs(tbl) do
+ local h = ( v.host.ip or v.host )
+ if ( not(host) and not(port) ) then
+ table.insert(new_tbl, v)
+ elseif ( not(host) and ( port == v.port ) ) then
+ table.insert(new_tbl, v)
+ elseif ( ( host and ( h == host or h == host.ip ) ) and not(port) ) then
+ table.insert(new_tbl, v)
+ elseif ( ( host and ( h == host or h == host.ip ) ) and port.number == v.port ) then
+ table.insert(new_tbl, v)
+ end
+ end
+ return new_tbl
+ end,
+
+}
+
+-- The credentials class
+Credentials = {
+
+ --- Creates a new instance of the Credentials class
+ -- @param scriptname string containing the name of the script
+ -- @param host table as received by the scripts action method
+ -- @param port table as received by the scripts action method
+ new = function(self, scriptname, host, port)
+ local o = {}
+ setmetatable(o, self)
+ self.__index = self
+ o.storage = RegStorage:new()
+ o.storage:setFilter(host, port)
+ o.host = host
+ o.port = ( port and port.number ) and port.number
+ o.service = ( port and port.service ) and port.service
+ o.scriptname = scriptname
+ return o
+ end,
+
+ --- Add a discovered credential
+ --
+ -- @param host host table, name or ip
+ -- @param port number containing the port of the service
+ -- @param service the name of the service
+ -- @param user the name of the user
+ -- @param pass the password of the user
+ -- @param state of the account
+ add = function( self, user, pass, state )
+ local pass = ( pass and #pass > 0 ) and pass or "<empty>"
+ assert( self.host, "No host supplied" )
+ assert( self.port, "No port supplied" )
+ assert( state, "No state supplied")
+ assert( self.scriptname, "No scriptname supplied")
+
+ -- there are cases where we will only get a user or password
+ -- so as long we have one of them, we're good
+ if ( user or pass ) then
+ self.storage:add( self.scriptname, self.host, self.port, self.service, user, pass, state )
+ end
+ end,
+
+ --- Returns a table of credentials
+ --
+ -- @return tbl table containing the discovered credentials
+ getTable = function(self)
+ local result = {}
+ local all = self.storage:getAll()
+
+ if ( not(all) ) then return end
+
+ for _, v in pairs(self.storage:getAll()) do
+ local h = ( v.host.ip or v.host )
+ local svc = ("%s/%s"):format(v.port,v.service)
+ local c
+ if ( v.user and #v.user > 0 ) then
+ c = ("%s:%s - %s"):format(v.user, v.pass, v.state.msg)
+ else
+ c = ("%s - %s"):format(v.pass, v.state.msg)
+ end
+ local script = v.scriptname
+ assert(type(h)=="string", "Could not determine a valid host")
+
+ if ( script == self.scriptname or self.scriptname == ALL_DATA ) then
+ result[h] = result[h] or {}
+ result[h][svc] = result[h][svc] or {}
+ table.insert( result[h][svc], c )
+ end
+ end
+
+ local output = {}
+ for hostname, host in pairs(result) do
+ local host_tbl = { name = hostname }
+ for svcname, service in pairs(host) do
+ local svc_tbl = { name = svcname }
+ for _, account in ipairs(service) do
+ table.insert(svc_tbl, account)
+ end
+ -- sort the accounts
+ table.sort( svc_tbl, function(a,b) return a<b end)
+ table.insert( host_tbl, svc_tbl )
+ end
+ -- sort the services
+ table.sort( host_tbl,
+ function(a,b)
+ return tonumber(a.name:match("^(%d+)")) < tonumber(b.name:match("^(%d+)"))
+ end
+ )
+ table.insert( output, host_tbl )
+ end
+
+ -- sort the IP addresses
+ table.sort( output, function(a, b) return ipOps.compare_ip(a.name, "le", b.name) end )
+ if ( self.host and self.port and #output > 0 ) then
+ output = output[1][1]
+ output.name = nil
+ elseif ( self.host and #output > 0 ) then
+ output = output[1]
+ output.name = nil
+ end
+ return output
+ end,
+
+ --- Get credentials with optional host and port filter
+ -- If no filters are supplied all records are returned
+ --
+ -- @param host table or string containing the host to filter
+ -- @param port number containing the port to filter
+ -- @return table suitable from <code>stdnse.format_output</code>
+ __tostring = function(self)
+ local all = self:getTable()
+ if ( all ) then return stdnse.format_output(true, all) end
+ end,
+
+}
Modified: nmap/scripts/backorifice-brute.nse
==============================================================================
--- nmap/scripts/backorifice-brute.nse (original)
+++ nmap/scripts/backorifice-brute.nse Sun Jun 19 10:18:29 2011
@@ -262,7 +262,7 @@
nmap.registry.credentials['backorifice'] = {} end table.insert( nmap.registry.credentials.backorifice, { password = password } ) - return true, brute.Account:new("", password, "OPEN") + return true, brute.Account:new("", password, creds.State.VALID) else -- The only indication that the password is incorrect is a timeout local err = brute.Error:new( "Incorrect password" )
@@ -271,9 +271,6 @@
end end, - check = function( self ) - return true - end } action = function( host, port )
@@ -283,6 +280,7 @@
engine.options.firstonly = true engine.options.passonly = true + engine.options.script_name = SCRIPT_NAME status, result = engine:start()
Modified: nmap/scripts/domcon-brute.nse
==============================================================================
--- nmap/scripts/domcon-brute.nse (original)
+++ nmap/scripts/domcon-brute.nse Sun Jun 19 10:18:29 2011
@@ -136,7 +136,7 @@
if ( status and data:match("NOT_REG_ADMIN") ) then not_admins[username] = true elseif( status and data:match("VALID_USER") ) then - return true, brute.Account:new( username, password, "OPEN") + return true, brute.Account:new( username, password, creds.State.VALID) end return false, brute.Error:new( "Incorrect password" )
@@ -146,11 +146,7 @@
disconnect = function( self ) self.sockpool:releaseSocket( self.socket ) end, - - check = function( self ) - return true - end, - + }
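Review bot: In `RegStorage.getAll` the host-less branch compares the filter port directly, `elseif ( not(host) and ( port == v.port ) ) then`, while the host-plus-port branch below compares `port.number == v.port`; `Credentials.new` hands `setFilter` the raw port table, so for any caller that supplies a port without a host the table-vs-number comparison is always false and the filter silently returns an empty table. Suggest normalising once before the loop, `local portnum = ( type(port) == "table" ) and port.number or port`, and comparing `portnum == v.port` in both branches. Separately, the LDoc block on `Credentials.add` documents `host`, `port` and `service` parameters that the function does not take (its signature is `user, pass, state`), the `__tostring` block documents filter parameters it does not accept, and `getTable` calls `self.storage:getAll()` a second time in the `pairs` loop although the result is already in `all`. The IP sort passes `"le"` to `ipOps.compare_ip`, a non-strict comparator for `table.sort`; it is harmless while host keys are unique but `"lt"` is the form the sort contract requires.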
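Review bot: The `login` hunk still appends the found password to `nmap.registry.credentials.backorifice` while the returned `creds.State.VALID` account is now also recorded by the brute engine through creds.lua, so each discovered credential is kept in two registry tables with different shapes; the same pattern remains in the http-brute, http-form-brute and informix-brute hunks. If no other script reads the old table the legacy `table.insert` can go, otherwise a comment such as `-- kept for readers of nmap.registry.credentials; nmap.registry.creds is the canonical store` would tell the next maintainer which copy to trust. The surrounding `login` function starts before this hunk.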
@@ -159,6 +155,7 @@ local pool = SocketPool:new(10) local engine = brute.Engine:new(Driver, host, port, pool ) + engine.options.script_name = SCRIPT_NAME status, result = engine:start() pool:shutdown() Modified: nmap/scripts/dpap-brute.nse ============================================================================== --- nmap/scripts/dpap-brute.nse (original) +++ nmap/scripts/dpap-brute.nse Sun Jun 19 10:18:29 2011 @@ -55,8 +55,8 @@ "Client-DPAP-Version: 1.1\r\n" .. "\r\n\r\n" - local creds = base64.enc("nmap:" .. password) - data = data:format( self.host.ip, self.port.number, self.host.ip, creds ) + local c = base64.enc("nmap:" .. password) + data = data:format( self.host.ip, self.port.number, self.host.ip, c ) local status = self.socket:send( data ) if ( not(status) ) then @@ -73,7 +73,7 @@ end if ( data:match("^HTTP/1.1 200 OK") ) then - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) end return false, brute.Error:new( "Incorrect password" ) @@ -111,7 +111,8 @@ engine.options.firstonly = true engine.options:setOption( "passonly", true ) - + engine.options.script_name = SCRIPT_NAME + status, result = engine:start() return result Modified: nmap/scripts/http-brute.nse ============================================================================== --- nmap/scripts/http-brute.nse (original) +++ nmap/scripts/http-brute.nse Sun Jun 19 10:18:29 2011 @@ -79,7 +79,7 @@ nmap.registry.credentials['http'] = {} end table.insert( nmap.registry.credentials.http, { username = username, password = password } ) - return true, brute.Account:new( username, password, "OPEN") + return true, brute.Account:new( username, password, creds.State.VALID) end return false, brute.Error:new( "Incorrect password" ) end, 
@@ -105,7 +105,8 @@ local path = nmap.registry.args['http-brute.path'] local method = string.upper(nmap.registry.args['http-brute.method'] or "GET") local engine = brute.Engine:new(Driver, host, port, method ) - + engine.options.script_name = SCRIPT_NAME + if ( not(path) ) then return " \n ERROR: No path was specified (see http-brute.path)" end Modified: nmap/scripts/http-form-brute.nse ============================================================================== --- nmap/scripts/http-form-brute.nse (original) +++ nmap/scripts/http-form-brute.nse Sun Jun 19 10:18:29 2011 @@ -135,7 +135,7 @@ nmap.registry['credentials'] = nmap.registry['credentials'] or {} nmap.registry.credentials['http'] = nmap.registry.credentials['http'] or {} table.insert( nmap.registry.credentials.http, { username = username, password = password } ) - return true, brute.Account:new( username, password, "OPEN") + return true, brute.Account:new( username, password, creds.State.VALID) end return false, brute.Error:new( "Incorrect password" ) @@ -235,6 +235,8 @@ -- there's a bug in http.lua that does not allow it to be called by -- multiple threads engine:setMaxThreads(1) + engine.options.script_name = SCRIPT_NAME + if ( not(uservar) ) then engine.options:setOption( "passonly", true ) end Modified: nmap/scripts/informix-brute.nse ============================================================================== --- nmap/scripts/informix-brute.nse (original) +++ nmap/scripts/informix-brute.nse Sun Jun 19 10:18:29 2011 
@@ -78,10 +78,10 @@ nmap.registry['informix-brute'] = {} end table.insert( nmap.registry['informix-brute'], { ["username"] = username, ["password"] = password } ) - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) -- Check for account locked message elseif ( data:match("INFORMIXSERVER does not match either DBSERVERNAME or DBSERVERALIASES") ) then - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) end return false, brute.Error:new( data ) @@ -93,21 +93,13 @@ self.helper:Close() end, - --- Perform a connection with the helper, this makes sure that the Informix - -- instance is correct. - -- - -- @return status true on success false on failure - -- @return err containing the error message on failure - check = function( self ) - return true - end, - } action = function(host, port) local status, result local engine = brute.Engine:new(Driver, host, port ) + engine.options.script_name = SCRIPT_NAME status, result = engine:start() Modified: nmap/scripts/iscsi-brute.nse ============================================================================== --- nmap/scripts/iscsi-brute.nse (original) +++ nmap/scripts/iscsi-brute.nse Sun Jun 19 10:18:29 2011 @@ -47,7 +47,7 @@ local status = self.helper:login( self.target, username, password, "CHAP") if ( status ) then - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) end return false, brute.Error:new( "Incorrect password" ) 
@@ -78,7 +78,10 @@ if ( status ) then return "No authentication required" end local accounts - status, accounts = brute.Engine:new(Driver, host, port):start() + + local engine = brute.Engine:new(Driver, host, port) + engine.options.script_name = SCRIPT_NAME + status, accounts = engine:start() if ( status ) then return accounts end end \ No newline at end of file Modified: nmap/scripts/nping-brute.nse ============================================================================== --- nmap/scripts/nping-brute.nse (original) +++ nmap/scripts/nping-brute.nse Sun Jun 19 10:18:29 2011 @@ -165,7 +165,7 @@ login = function(self, _, password) if self:testpass(password) then - return true, brute.Account:new("", password, "OPEN") + return true, brute.Account:new("", password, creds.State.VALID) end return false, brute.Error:new("Incorrect password") end, @@ -173,16 +173,13 @@ disconnect = function(self) return self.socket:close() end, - - check = function(self) --deprecated - return true - end, } action = function(host, port) local engine = brute.Engine:new(Driver, host, port) engine.options.firstonly = true engine.options:setOption("passonly", true) + engine.options.script_name = SCRIPT_NAME local status, result = engine:start() return result end Modified: nmap/scripts/omp2-brute.nse ============================================================================== --- nmap/scripts/omp2-brute.nse (original) +++ nmap/scripts/omp2-brute.nse Sun Jun 19 10:18:29 2011 
@@ -64,20 +64,18 @@ if self.session:authenticate(username, password) then -- store the account for possible future use omp2.add_account(self.host, username, password) - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) else return false, brute.Error:new("login failed") end end, - --- Deprecated - check = function(self) - return true - end, } action = function(host, port) - local status, result = brute.Engine:new(Driver, host, port):start() + local engine = brute.Engine:new(Driver, host, port) + engine.options.script_name = SCRIPT_NAME + local status, result = engine:start() return result end Modified: nmap/scripts/oracle-brute.nse ============================================================================== --- nmap/scripts/oracle-brute.nse (original) +++ nmap/scripts/oracle-brute.nse Sun Jun 19 10:18:29 2011 @@ -100,10 +100,10 @@$ grep "creds\." $(grep "require.*creds" -L $(grep "creds" * -l))
domcon-brute.nse: return true, brute.Account:new( username, password, creds.State.VALID) dpap-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) http-brute.nse: return true, brute.Account:new( username, password, creds.State.VALID) http-form-brute.nse: return true, brute.Account:new( username, password, creds.State.VALID) informix-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) informix-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) iscsi-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) nping-brute.nse: return true, brute.Account:new("", password, creds.State.VALID) omp2-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) oracle-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) oracle-brute.nse: return true, brute.Account:new(username, password, creds.State.LOCKED) sip-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) svn-brute.nse: return true, brute.Account:new(username, password, creds.State.VALID) vnc-brute.nse: return true, brute.Account:new("", password, creds.State.VALID)
local status, data = self.helper:Login( username, password ) if ( status ) then - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) -- Check for account locked message elseif ( data:match("ORA[-]28000") ) then - return true, brute.Account:new(username, password, "LOCKED") + return true, brute.Account:new(username, password, creds.State.LOCKED) -- check for any other message elseif ( data:match("ORA[-]%d+")) then stdnse.print_debug(3, "username: %s, password: %s, error: %s", username, password, data ) @@ -147,6 +147,7 @@ action = function(host, port) local status, result local engine = brute.Engine:new(Driver, host, port ) + engine.options.script_name = SCRIPT_NAME if ( not( nmap.registry.args['oracle-brute.sid'] ) and not( nmap.registry.args['tns.sid'] ) ) then return "ERROR: Oracle instance not set (see oracle-brute.sid or tns.sid)" Modified: nmap/scripts/sip-brute.nse ============================================================================== --- nmap/scripts/sip-brute.nse (original) +++ nmap/scripts/sip-brute.nse Sun Jun 19 10:18:29 2011 @@ -61,7 +61,7 @@ end return false, brute.Error:new( "Incorrect password" ) end - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) end, disconnect = function(self) return self.helper:close() end, @@ -100,6 +100,7 @@ end end local engine = brute.Engine:new(Driver, host, port) + engine.options.script_name = SCRIPT_NAME local status, result = engine:start() return result end Modified: nmap/scripts/svn-brute.nse ============================================================================== --- nmap/scripts/svn-brute.nse (original) +++ nmap/scripts/svn-brute.nse Sun Jun 19 10:18:29 2011 
@@ -207,7 +207,7 @@ self.invalid_users[username] = true return false, brute.Error:new("Username not found") elseif ( status and msg:match("success") ) then - return true, brute.Account:new(username, password, "OPEN") + return true, brute.Account:new(username, password, creds.State.VALID) else return false, brute.Error:new( "Incorrect password" ) end @@ -250,12 +250,14 @@ return " \n Anonymous SVN detected, no authentication needed" end - if ( not( svn.auth_mech["CRAM-MD5"] ) ) then + if ( not(svn.auth_mech) or not( svn.auth_mech["CRAM-MD5"] ) ) then return " \n No supported authentication mechanisms detected" end local invalid_users = {} - status, accounts = brute.Engine:new(Driver, host, port, invalid_users):start() + local engine = brute.Engine:new(Driver, host, port, invalid_users) + engine.options.script_name = SCRIPT_NAME + status, accounts = engine:start() if( not(status) ) then return accounts end Modified: nmap/scripts/vnc-brute.nse ============================================================================== --- nmap/scripts/vnc-brute.nse (original) +++ nmap/scripts/vnc-brute.nse Sun Jun 19 10:18:29 2011 @@ -69,7 +69,8 @@ login = function( self, username, password ) local status, data = self.vnc:handshake() - if ( not(status) and data:match("Too many authentication failures") ) then + if ( not(status) and ( data:match("Too many authentication failures") or + data:match("Your connection has been rejected.") ) ) then local err = brute.Error:new( data ) err:setAbort( true ) return false, err @@ -83,7 +84,7 @@ status, data = self.vnc:login( nil, password ) if ( status ) then - return true, brute.Account:new("", password, "OPEN") + return true, brute.Account:new("", password, creds.State.VALID) elseif ( not( data:match("Authentication failed") ) ) then local err = brute.Error:new( data ) -- This might be temporary, set the retry flag 
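Review bot: The added abort condition in the vnc-brute `login` hunk passes `"Your connection has been rejected."` to `data:match`, where the trailing `.` is a pattern wildcard rather than a literal period; it still matches the intended banner but is looser than it reads, and `data:match("Your connection has been rejected%.")` (or `data:find(..., 1, true)` for a plain search) states the intent. The rewritten condition also calls `data:match` whenever `status` is false; if `vnc:handshake()` can fail with a nil message the line raises instead of returning an Error — cannot be confirmed from the hunk, so a guard `if ( not(status) and data and ( ... ) ) then` is cheap insurance.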
@@ -132,6 +133,7 @@ local status, result local engine = brute.Engine:new(Driver, host, port ) + engine.options.script_name = SCRIPT_NAME engine.options.firstonly = true engine.options:setOption( "passonly", true ) _______________________________________________ Sent through the nmap-svn mailing list http://cgi.insecure.org/mailman/listinfo/nmap-svn
-- Gorjan _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/