Nmap Development mailing list archives
Evangelos Deirmentzoglou GSoC status report #14 of 17
From: Evangelos Deirme <edeirme () gmail com>
Date: Tue, 15 Aug 2017 00:50:37 +0300
Hey everyone, This is my report for the 14th week of GSoC 2017. ---Status Report #14 of 17--- 14 August 2017 Accomplishments: * Started development of MongoDB module. * Developed the MongoDB-CR authentication mode. It requires a bit more testing but overall it is complete. * SCRAM-SHA-1 authentication mode is still under development. At the moment the module sends to the server the clientNonce, receives the server's response and extracts the data needed for the payload calculation. * The module identifies the version of the MongoDB server. If the server is below version 3 it will default to MongoDB-CR authentication and if the MongoDB version is above version 3 it will default to SCRAM-SHA-1. * The module requires a database to authenticate upon. By default, the module will brute force the database 'admin' but a module argument can be passed to specify another database name. Priorities: * Continue development of MongoDB module. * Some MongoDB servers have no authentication at all. A packet to identify whether the database has authentication or not should be sent before starting the brute force attempts. * Develop the Windows version of the MongoDB module. * Solve bug, if any on the MSSQL module. * Solve bug, if any on the WinRM module. Thanks, Evangelos Deirmentzoglou
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Evangelos Deirmentzoglou GSoC status report #14 of 17 Evangelos Deirme (Aug 14)