Nmap Development mailing list archives
Re: [NSE] snmp-brute port to brute framework
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Tue, 12 Jul 2011 00:30:38 +0200
Thanks for the suggestions. Currently I'm testing the throughput with unconnected sockets. I'm using a virtual machine so any limitations would be due to slow processing of requests on the server's part. I'm gonna add the default passwords after I resolve the issues with communication and losses of passwords.

Currently my criteria are that under no circumstances should we DoS the server, and as a result of that miss testing some passwords. My thoughts are going toward using unconnected sockets but somehow limiting the number of probes sent per second. The host.times.timeout will definitely be of use, but I'll have to add a heuristic multiplier to that, so now I have to find what value that multiplier will be.

Patrik, did you test the responsiveness of the server using multiple probes with the correct password, or was there some mysterious net-fu of yours at play? I'm asking because AFAIK the only way to find if a password is wrong is a timeout on a socket (no returned response), so we can't reliably test the snmp-brute script itself, but we can test the server's throughput.

On Mon, Jul 11, 2011 at 7:04 PM, David Fifield <david () bamsoftware com> wrote:
> On Wed, Jul 06, 2011 at 09:39:16PM +0200, Gorjan Petrovski wrote:
> > Hi, I'm porting the snmp-brute script to the brute framework and I found that there are default passwords used to brute if no wordlist is supplied. These passwords are: 'public', 'private', 'snmpd', 'snmp', 'mngt', 'cisco', 'admin'. Some of them are not present in the default wordlist that the brute framework uses. I couldn't find posts about the original script SNMPcommunitybrute.nse and I've no idea how the author got hold of these passwords.
> >
> > Should I add them to the wordlist or not? Maybe I should add them to be used in addition to the default wordlist, only for the snmp-brute script when no other wordlist is specified?
>
> It's not as easy as it should be, but you can construct a custom password iterator using the functions in unpwdb. Make a coroutine that first yields your SNMP-specific passwords, then unpwdb.passwords_raw. unpwdb.limited_iterator puts a time and count limit on the iterator.
>
> David Fifield
Thanks,
Gorjan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
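
The iterator David Fifield describes in the quoted reply, sketched as an added example that is not part of the original thread or of Nmap's code. It is plain Lua that runs outside Nmap: `wordlist_iterator` and `limited` are hypothetical stand-ins for `unpwdb.passwords_raw` and `unpwdb.limited_iterator`, and the generic wordlist is constructed sample data.

```lua
-- SNMP-specific defaults quoted in the thread.
local SNMP_DEFAULTS = { "public", "private", "snmpd", "snmp", "mngt", "cisco", "admin" }

-- Hypothetical stand-in for the generic wordlist iterator (unpwdb.passwords_raw
-- in the thread): a closure returning the next word, or nil when exhausted.
local function wordlist_iterator(words)
  local i = 0
  return function()
    i = i + 1
    return words[i]
  end
end

-- Coroutine that yields the SNMP defaults first, then the generic list,
-- skipping words already yielded so no community string is probed twice.
local function snmp_first(generic)
  return coroutine.wrap(function()
    local seen = {}
    for _, word in ipairs(SNMP_DEFAULTS) do
      seen[word] = true
      coroutine.yield(word)
    end
    for word in generic do
      if not seen[word] then
        seen[word] = true
        coroutine.yield(word)
      end
    end
  end)
end

-- Hypothetical stand-in for the limiter (unpwdb.limited_iterator in the thread):
-- stop after count_limit words or time_limit seconds; 0 disables a limit.
local function limited(iterator, time_limit, count_limit)
  local start, count, done = os.time(), 0, false
  return function()
    if done then return nil end
    local over_count = count_limit > 0 and count >= count_limit
    local over_time = time_limit > 0 and os.time() - start >= time_limit
    local word = nil
    if not (over_count or over_time) then word = iterator() end
    if word == nil then done = true else count = count + 1 end
    return word -- a finished wrapped coroutine is never resumed again
  end
end

local generic = wordlist_iterator({ "123456", "admin", "password", "public" }) -- constructed sample
for community in limited(snmp_first(generic), 60, 9) do
  print(community)
end
```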