Nmap Development: [NSE] Bruteforce telnet

[NSE] Bruteforce telnet

From: Eddie Bell <ejlbell_at_gmail.com>
Date: Sat, 30 Jun 2007 15:28:30 +0100

Hello everyone,

I've committed (and attached) a telnet bruteforce script. It tries a
selection of user/pass pairs comprised of common logins and default
router credentials. There are a total of 22 user/pass pairs which
seems to be the best compromise between speed and coverage.

On a public telnet server:

Interesting ports on vtn1.victoria.tc.ca (199.60.222.3):
PORT STATE SERVICE
23/tcp open telnet
|_ bruteforce: guest - <blank>

On my home router using its default configuration:

Interesting ports on BThomehub.home (192.168.1.254):
PORT STATE SERVICE
23/tcp open telnet
|_ bruteforce: admin - admin

It takes a couple of minutes to run as most telnet services only allow
1-3 attempts per connection and verification is delayed (to prevent
timing attacks?). Although it will stop as soon as it finds valid
credentials.

Because this sort of script spends a long time waiting for input, the
ideal future project would be to incorporate select() into NSE and use
co-routines to brute force in parallel. Perhaps even create a nselib
framework to do this which can be used by a whole family of brute*.nse
scripts. For now, this one should whet our appetites :)

All testing appreciated

cheers
 - eddie

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Jun 30 2007