Nmap Development mailing list archives
brute.lua, unpwdb.lua, custom iterators and flexibility
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Wed, 27 Jun 2012 17:11:16 +0200
Hi all,

I have a small report here about some ideas regarding brute scripts. After some discussion, we came to the conclusion that it would be nice to be able to add a specific username to try when bruteforcing. For example, I want to add a username "ftp" to ftp-brute along with the rest of the usernames and passwords from unpwdb. Now, there are three logical options:

1) Add custom username and password pairs - this can be accomplished by specifying a custom iterator and then using unpwdb.usernames() and passwords() to add another iterator that would test the default set (this would be a default iterator).

2) Adding just a username to test against all passwords from unpwdb - this _could_ be accomplished by adding a custom iterator with a table for usernames and the unpwdb.passwords() iterator for passwords and then adding a "default" iterator. This would test all the passwords against our specified username and then proceed to test the default set. I say "could be" because the current code for account_iterator has this:

    if ( 'table' == type(users) and 'table' == type(pass) ) then
      ...
    elseif ( 'function' == type(users) and 'function' == type(pass) ) then
      ...
    end

This means that we can only specify an iterator with either both usernames and passwords as tables or functions and not, for example, a table of usernames and an iterator for passwords. This could easily be expanded for more flexibility by adding two more elseif blocks for the remaining combinations. What do you think about this? I could add the code if you agree this would be an improvement. It wouldn't break any existing scripts (as far as I can see) and future (or even revisions of existing) scripts could benefit from this flexibility. I think it's only natural to be able to "mix tables and functions" here since username iterators are already abstracted in unpwdb. Actually, I wrote the script assuming it already works like that, but then checked the code. Please comment about this, and I'll get it done.

3) Prepend or append username(s) to the list of usernames from unpwdb - say we just wanted to add a few usernames to be tested first with the default iterator. This could be accomplished by some small modifications of the unpwdb library. For example, to specify a few additional tables, for usernames and passwords, empty by default, to which a script could append, and then in the usernames_raw and passwords_raw functions check if those are not empty and add them to the appropriate tables. Of course, there could be other ways to accomplish this.

Both propositions in options 2) and 3) would (as far as I can see) pose no performance penalty as those things would be only done once, before the actual bruteforcing starts.

All this would add additional flexibility for brute scripts. For example, the oracle-brute script could be extended to test default accounts against unpwdb's list of passwords, though I'm not sure this is a great example :). Many services, such as ftp, usually have default usernames (ftp here) that could easily be added.

As always, please comment, and if we agree on any of this, I'd be more than happy to implement it.

Aleksandar
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
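
Added example, not part of the original post and not code from brute.lua or unpwdb.lua: a stand-alone Lua illustration of the "mix tables and functions" idea from option 2, done by normalising both arguments instead of adding one elseif per combination. The names to_iterator, account_pairs and sample_passwords, the placeholder data, and the convention that a function source restarts when called with "reset" are all assumptions made for this illustration.

```lua
-- Added illustration; names and the "reset" convention are assumptions.

-- Turn a table or an iterator function into a restartable iterator.
local function to_iterator(src)
  if type(src) == "function" then
    return src  -- assumed to restart when called with "reset"
  elseif type(src) == "table" then
    local i = 0
    return function(cmd)
      if cmd == "reset" then
        i = 0
        return
      end
      i = i + 1
      return src[i]
    end
  end
  error("expected table or function, got " .. type(src))
end

-- Yield (user, pass) pairs: every password for the first user, then
-- every password for the next one. Either argument may be a table or
-- a function, in any combination.
local function account_pairs(users, pass)
  local next_user, next_pass = to_iterator(users), to_iterator(pass)
  local user = next_user()
  return function()
    while user do
      local p = next_pass()
      if p then return user, p end
      next_pass("reset")   -- passwords exhausted: rewind for next user
      user = next_user()
    end
  end
end

-- Constructed stand-in for a function-style password source.
local function sample_passwords()
  return to_iterator({ "placeholder-1", "placeholder-2" })
end

-- Table of usernames mixed with a function of passwords.
for user, pass in account_pairs({ "ftp" }, sample_passwords()) do
  print(user, pass)
end
```

An empty password source makes the loop fall through every user and end without yielding a pair, so a script that gets no candidates stops cleanly.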