Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 11:57:21 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Fyodor wrote:
On Tue, Jun 17, 2008 at 10:12:16PM -0500, Kris Katterjohn wrote:
Here are some ideas (not mutually exclusive of course):

1) The ability to grab a username or password at a time

OK.

2) The ability to grab the full table of usernames or passwords, or a table of
a certain size

You might be able to get by with either #1 or #2.  Though my initial
thought is that #1 would be better in that case.


Well, if it's between the two, I would definitely choose #1 (and that seems to
be the general opinion).

3) Maybe the ability to grab just "administrator" usernames

Maybe, though as you mentioned theyse may generally be at the top of
the username list anyway.  And a smart script which only wants admin
usernames may be better off using its own list because the script may
know if it is likely to be used against Windows, certain devices with
common admin names, etc.  So it may be able to exclude administrator
names from other platforms.


This sounds reasonable to me.

4) The ability to grab common default username/password pairs for networking
devices

I think these lists would be specific to a certain script which scans
such a device/service, so I'd rather let the script use its own lists.


This too sounds reasonable.

It would be nice if the library tells whether it is using a
user-provided or default list.  I'd generally probably use more
entries from a user-provided list (perhaps all of them), while a
default list can be limited to a much smaller number.


That's a good idea!  I think the simplest way would be to have a boolean
return value, probably true for a user-defined list.

Cheers,
-F

Thanks,
Kris Katterjohn


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFk+b/9K37xXYl36AQL/Kw/8D/TUfZnQtQAJXnxQPFqDFmvU+poPSaj/
fZ0WVfTFwO52fv6AUQ4YVRtBB/wrVukXcK8trsn3v8w2w75Sf2LOlwphECxVMrEZ
ccd12WColGLlD43TUiWoL+PX3yH1WBbMRBFFMtOeXGx0j6egMUxwiyaADlouzWsJ
lEyNJRmC6wYUWyW6X+o7bZhYp6ZpCyDqiiWrUV1rYb/JpPOEoMqNgYL95Y/DvyFX
O95fxZUY+camibRs5U1RI0zF+QaVdsXuQAQFIJnsk1cBPtTFiDusRAi2kETNMf4+
g5T+T4MXkH9lLUghaY9Bhzkb4SftO4UBfOI4rjfSUomggwaJMqksbxnGNsCNjXtF
OjqDrbhPH1y5P/ONPFrwGpm73Y7WjIk/GdbmJnia/ZmTVDy7nMH9Nu9Z5JogbnfK
sv/3REcv7rHPlMa9n4hl6SsK0ZtB7i7LT5LlcDMczb7MuNKad1HgBQP7cLYFTCn2
fmbIY0kG6zewwvaDXNVdRdrBiF0R+xe5B9q1bx4XFPZbGP/iCXrS+j9Rk2MRxuSP
lj/5TeWFMIqM01jLNMbcm9fyINmdop5wBT7j5jc5qfKyxScxy1MikjruSc1v32Dz
VaEldXhhDyt1uatLQR+QGUlbuSBmjMjhy0tGX/RId/exAjT/LDCpOCfxWdB1gJyC
mwKj8wp1DL4=
=L67G
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault