Nmap Development mailing list archives

Re: using the credentials database
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 30 Jun 2011 09:12:14 +0200


At this point I think it shouldn't be a problem, technically, to add credentials from the command line.
Before I (or someone else) does so, I think we need to consider the following:
1. I've been working with the following (most common) account states: LOCKED, VALID, DISABLED and CHANGEPW
   We probably need to add a new state for the credentials added on the command line
2. The library structures credentials around hosts and ports.
   Adding "global" credentials will need some kind of work-around.
   The easiest way is probably adding a host, e.g. 0.0.0.0, and port 0 that would keep track of these credentials
   This way, it should be straightforward to allow adding service-specific credentials from the command line too.
3. The command line added credentials need to be handled differently in output
   I propose that the 0.0.0.0 host is filtered from all output.
   If the global credentials are discovered for some service they will be added to the respective host and service.
4. When a script queries all credentials discovered for a host and port we need to consider how to handle global credentials
   Should they be returned first or last in the table?
   Should they be returned at all if there were other credentials discovered for that host & port combination?
5. There are currently very few scripts that make use of the library for storing credentials.
   There are none that make use of reading from the database.
   This will of course hopefully change over time.
   Until then the documentation regarding global credentials needs to be very clear so that users don't mistakenly think they can use it.

Those are some of my thoughts. Comments?

//Patrik

What I'd like to see next, is support for feeding credentials into the
database from command line. I am sure this could be made into a really
hard design task, but maybe we do not need to support very complex use
cases. We could just support global credentials that would match all
services. How about --script-args creds.global=joe:secret,admin:123456

On Tue, Jun 28, 2011 at 12:04 AM, Patrik Karlsson <patrik () cqure net>
wrote:

On Jun 27, 2011, at 4:25 PM, Toni Ruottu wrote:

Do we have examples for using the credentials stored in the database?
Do I need to use the credentials explicitly when I am developing http
info scripts, or does the http library just log in for me if
authorization is required?

 --Toni
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Hi Toni,

I've added some documentation and a new function called getCredentials
that will hopefully get you what you need.
Let me know if there's anything else you find missing :)

In regards to the http library, you need to set the credentials
explicitly. Check out the http-brute script for an example.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
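
The scheme proposed in the message above (command-line credentials kept under a sentinel 0.0.0.0 / port 0 entry, that entry filtered from output, working credentials copied to the real host and service), modelled as an added example in plain Lua. It is not part of the original message and not the creds library's code; `Store`, its methods and the `UNTESTED` state are hypothetical names, and returning global credentials last is only one assumed answer to the questions in point 4.

```lua
-- Standalone model in plain Lua (no Nmap libraries); every name is hypothetical.
local GLOBAL_HOST, GLOBAL_PORT = "0.0.0.0", 0      -- sentinel from point 2
-- Point 1: the four existing states plus an assumed one for command-line input.
local State = { LOCKED = 1, VALID = 2, DISABLED = 3, CHANGEPW = 4, UNTESTED = 5 }
local function key(host, port) return host .. "/" .. port end
local GLOBAL_KEY = key(GLOBAL_HOST, GLOBAL_PORT)

local Store = {}
Store.__index = Store
function Store.new() return setmetatable({ db = {} }, Store) end

function Store:add(host, port, user, pass, state)
  local k = key(host, port)
  self.db[k] = self.db[k] or {}
  table.insert(self.db[k], { user = user, pass = pass, state = state })
end

-- Parse "user:pass,user:pass"; split at the first ':' so a password may hold ':'
-- (a ',' inside a password cannot be expressed in this format).
function Store:add_global(arg)
  for pair in arg:gmatch("[^,]+") do
    local user, pass = pair:match("^([^:]+):(.*)$")
    if user then self:add(GLOBAL_HOST, GLOBAL_PORT, user, pass, State.UNTESTED) end
  end
end

-- Point 4 (assumed answer): discovered credentials first, globals last; with
-- fallback_only set, globals are returned only when nothing was discovered.
function Store:lookup(host, port, fallback_only)
  local out = {}
  for _, c in ipairs(self.db[key(host, port)] or {}) do out[#out + 1] = c end
  if not (fallback_only and #out > 0) then
    for _, c in ipairs(self.db[GLOBAL_KEY] or {}) do out[#out + 1] = c end
  end
  return out
end

-- Point 3: the sentinel host never appears in output.
function Store:report()
  local lines = {}
  for k, list in pairs(self.db) do
    if k ~= GLOBAL_KEY then
      for _, c in ipairs(list) do lines[#lines + 1] = k .. " " .. c.user end
    end
  end
  table.sort(lines)
  return lines
end

local s = Store.new()                                  -- constructed sample data
s:add_global("joe:secret,admin:123456")
s:add("192.0.2.10", 22, "root", "example", State.VALID)
s:add("192.0.2.10", 80, "joe", "secret", State.VALID)  -- a global that worked on http
for _, line in ipairs(s:report()) do print(line) end
print(#s:lookup("192.0.2.10", 22), #s:lookup("192.0.2.10", 22, true))
```

The two counts on the last line differ because the first lookup appends the global entries after the discovered one, while the second suppresses them once the port has a credential of its own.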