Nmap Development mailing list archives
Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 10 Nov 2011 08:23:34 +0100
On Thu, Nov 10, 2011 at 3:09 AM, Vlatko Kosturjak <kost () linux hr> wrote:
> Hello!
>
> Some time ago, I've sent a link to the NSE scripts for guessing passwords on popular vulnerability scanners on github: https://github.com/kost/vulnscan-pwcrack
>
> I have rewritten all those scripts to use the new brute library. I have used some existing NSE examples (mostly from Patrik) from Nmap SVN while doing that. As I see people are doing an already done job (Henry OMP, Patrik NTP), I'm sending these scripts directly to the mailing list now - hopefully for inclusion.
>
> So, the scripts are (I guess they are self descriptive):
>
> metasploit-xmlrpc-brute.nse
> nessus-ntp-brute.nse
> nessus-xmlrpc-brute.nse
> nexpose-brute.nse
> openvas-omp-brute.nse
> openvas-otp-brute.nse
>
> Since Nmap does not detect all the services correctly, I'm sending a patch to the nmap services probes against the latest SVN version.
>
> Still, there are some issues - mainly with nessus-xmlrpc-brute.nse, as I have to force SSL in http.post by modifying NSE source in order to execute the script correctly. Looks like Nmap is trying to talk HTTP to the HTTPS server when using http.post in NSE, although it detected it as an ssl tunneled service in the version scan phase.
>
> If these scripts look fine, I have some *enum scripts ready to send as well (but these scripts depend on the scripts in the attachment).
>
> BTW Patrik, I see you have problems with threads in NTP brute. I have tested my version of the script and I'm not experiencing that. Could you tell me what I need to do to reproduce that? Also, if you check my script - I have sacrificed robustness of the script for speed.
>
> Let me know your comments,
>
> --
> Vlatko Kosturjak - KoSt
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
Thanks Kost! I'll check your scripts out later today!

In regard to Nessus NTP, I believe I was seeing that the account could not be reliably detected in case the dictionary was big and the brute ran with multiple threads for a while. I'll see if I can find that out for you and let you know.

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
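As an added illustration (not code from this thread, from Kost's repository or from Nmap's script collection), this is the shape of a brute-library driver like the *-brute.nse scripts discussed above: the brute engine iterates username/password pairs and calls the driver's login method for each one, and the driver turns each pair into a single http.post. The login path, POST body and success check are placeholders for a hypothetical form login and would have to be adapted to a real service. Whether http.post speaks TLS is decided by the http library from the port's version information, which is the behaviour the thread reports problems with; this example does not alter it.

```lua
-- Added example: skeleton of an NSE password guesser built on the brute
-- library. The /login path, the user=/pass= form fields and the
-- "Login failed" marker are assumptions for a hypothetical endpoint.
local brute     = require "brute"
local creds     = require "creds"
local http      = require "http"
local shortport = require "shortport"

description = [[
Example brute-force driver: posts username/password pairs to a login URL.
]]
author = "example"
categories = {"brute", "intrusive"}

-- Match plain and ssl-tunneled web services (version detection reports the
-- latter as service "http" with service_tunnel "ssl", e.g. "ssl/http").
portrule = shortport.port_or_service({80, 443, 8834}, {"http", "https"}, "tcp")

local Driver = {
  new = function(self, host, port, options)
    local o = { host = host, port = port, options = options }
    setmetatable(o, self)
    self.__index = self
    return o
  end,

  -- Each guess is an independent HTTP request, so there is no persistent
  -- connection to open or close.
  connect = function(self) return true end,
  disconnect = function(self) return true end,

  login = function(self, username, password)
    -- Hypothetical form field names.
    local postdata = ("user=%s&pass=%s"):format(username, password)
    local response = http.post(self.host, self.port, self.options.path,
                               nil, nil, postdata)

    if not response or not response.status then
      -- No HTTP response at all: ask the engine to retry this pair instead
      -- of silently counting it as a wrong password.
      local err = brute.Error:new("No response from server")
      err:setRetry(true)
      return false, err
    end

    -- Assumed success indicator: HTTP 200 whose body lacks the failure marker.
    local body = response.body or ""
    if response.status == 200 and not body:find("Login failed", 1, true) then
      return true, brute.Account:new(username, password, creds.State.VALID)
    end
    return false, brute.Error:new("Incorrect password")
  end,
}

action = function(host, port)
  -- The fourth argument is handed to Driver:new as `options`.
  local engine = brute.Engine:new(Driver, host, port, { path = "/login" })
  engine.options.script_name = SCRIPT_NAME
  local status, result = engine:run()
  return result
end
```

Run it like any other brute script, e.g. `nmap -p 8834 --script ./example-brute.nse --script-args userdb=users.txt,passdb=passwords.txt <target>`; the brute library reads its thread count, user and password lists from the usual brute.* and userdb/passdb script arguments, so the driver itself never touches wordlists or threading.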
Current thread:
- [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 09)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 09)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 11)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 11)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 13)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 17)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 10)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Patrik Karlsson (Nov 09)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Vlatko Kosturjak (Nov 11)
- Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks Henri Doreau (Nov 14)