Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: backorifice-brute NSE script
From: Patrik Karlsson <patrik () labb1 com>
Date: Tue, 3 May 2011 12:54:44 +0300

Hi all,

I have actually already written a library for this which I've planned to integrate with the brute library. It currently 
supports being called to display the results of a single script or to display all credentials collected using the 
postrule. I'm on vacation until Sunday though and left the computer at home for a change. I can post it next week if 
you or someone else wants to have a look at it.

//Patrik

Sent from my iPhone

On 3 maj 2011, at 05:40, Daniel Miller <bonsaiviking () gmail com> wrote:

On Mon, May 2, 2011 at 9:13 PM, David Fifield <david () bamsoftware com> wrote:



The found password is saved in nmap.registry.backorificepassword; what
happens if the script is run against two hosts at once?


This reminds me of an idea I had, but which I do not have plans of pursuing.
With all the brute-* scripts and the unpwdb, could NSE support something
like Metasploit's Creds table? Records consist of username, password, and
service, where service a foreign-key relationship with a record defined by
host, port, and protocol (more or less). This would make a common solution
to questions like this, and would offer the opportunity for closer
integration with Metasploit, perhaps through a postrule.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]