Nmap Development mailing list archives

From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 16 Apr 2011 20:17:08 +0300

Here is a new NSE script I wrote for setting the password of a NetBus
server. It uses the authentication bypass feature if that is present.
It may also use passwords guessed by netbus-brute, or a password given
as a command line argument. The password argument is shared with the
script netbus-info, and is thus called netbus-info.password. It should
probably be changed to netbus.password, as that would be a more
logical name for a shared argument.

By default the password is changed into a randomly generated one. I
wrote a trivial password generation function that might not always
result in secure passwords. Someone might want to write a better
password generation library later. You can also state the target
password as a command line argument. The argument is called
action-passwd.password and should be shared by other scripts used for
setting passwords. Ideally one should be able to do
--script=action-passwd-*,*brute* to secure all target systems that
have weak passwords.

Any feedback is welcome. I would also like to hear suggestions for
other "action scripts". I was thinking about action-poweroff-* that
would be used to shut down the system, action-reboot-* that would try
to send a reboot signal, and possibly action-eject-* that would monkey
with the CD tray so you could try to locate physical machines by
running scans on them. However, all of these features came up by
looking at the NetBus protocol. Maybe there are more sensible ones.

My feeling is that scripts like these are powerful because they make
it possible to perform an action on a large set of machines at once.
For example, I am not really sure if actions that allow one to do SQL
queries make sense, because different SQL databases have different
syntax. Thus each script would need to convert standard SQL to the
specific SQL supported by the database in question. Also, I feel that
these scripts should result in a state change on the target system,
rather than just query for some information.


Attachment: action-passwd-netbus.nse

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
