Nmap Development mailing list archives

Re: writing brute scripts for UDP based protocols
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 23 Mar 2011 02:39:49 +0200

Without explicit login failure messages my correct login message could be
dropped by a router and I would never know it was correct.

On 23 Mar 2011 02:31, "David Fifield" <david () bamsoftware com> wrote:
> On Tue, Mar 22, 2011 at 01:15:54PM +0200, Toni Ruottu wrote:
>
>> Do we have an example of a brute script against a UDP based protocol?
>> I think the brute library is useless here. If the service reports
>> errors we can send auth packages, and check we get an error response
>> for each one we send. If the service only responds to packages with
>> correct credentials this becomes a lot harder, as we'll never know how
>> much traffic we can send and how many times we should retry given
>> credentials. Should we create a separate udpbrute library, or try to
>> squeeze this into the existing one?
>
> I don't see how it's so different. Your "failed" signal is just a
> timeout instead of an explicit message. But if you think it's better to
> build a new brute engine, just do it directly in your script. If it
> turns out to be generally useful, we'll split it out or add it to the
> existing brute library.
>
> I'm almost never going to object to a new system existing locally within
> one script. It can always be changed later or removed with no
> backwards-compatibility problems. Starting as a new public library is
> riskier because then it's much more important to get the interface right
> the first time.
>
> David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
