Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nse crypto
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Fri, 11 Mar 2011 02:29:39 +0200

I got the script written using openssl. In the end the crypto was
surprisingly manageable, compared to dealing with IPv6 addresses. :-)

I have attached the script to this email. I am running an instance of
nping echo server with password 12345 at 174.129.239.201 Feel free to
test the script against it by commanding

nmap 174.129.239.201 -p 9929 --script=nping-brute

Trying out passwords is somewhat slow, so testing with really easy
ones may be a good idea. Add -d -d to the command line to see
progress.

On Thu, Mar 10, 2011 at 3:42 AM, Toni Ruottu <toni.ruottu () iki fi> wrote:
I got the impression that openssl libraries is all nping is using
anyway. So basically this should be doable. I am giving it a try, but
lets not hold our breath. :-)

On Wed, Mar 9, 2011 at 1:55 AM, Fyodor <fyodor () insecure org> wrote:
On Tue, Mar 08, 2011 at 05:16:50PM +0200, Toni Ruottu wrote:
Can we use this to write an nping-brute.nse script that would audit an
nping server for weak passwords?

I don't know if our current OpenSSL integration is enough.  But if you
do write a quality nping-brute script, we'd probably include it in
Nmap.  We want the Nmap tools to interoperate, and I suppose brute
force authentication cracking is a form of interoperability :).

Cheers,
Fyodor


Attachment: nping-brute.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]