Re: pcanywhere-brute request for comments

[Hani Benhabiles <kroosec () gmail com>]

On 06/16/2012 12:34 AM, Aleksandar Nikolic wrote:
> Hi all,
>
>
> And third, but most annoying, after it guesses a valid username/password
> pair , the server is locked for quite some time, so the script retries
> the connection
> until the server is available again and it can continue.
> Now, to resolve this last issue, there are two options:
> 1) The script quits after it finds one valid login
> or
> 2) The script loops in a sort of busy wait until the server becomes
> available again.
>
> In it's current state, the script implements the second option.
>
> Any thoughts on this ?
Hi Aleks,

I think that a script argument for choosing between the two options with 
a default value to one of them would be a wise choice. I would argue 
that the first option of stopping the brute after a valid guess should 
be the default option, but that is up to you to see how long is the wait 
after a valid login.

Cheers,
Hani.

--
Hani Benhabiles

Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/