Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: backorifice-brute NSE script
From: Vlatko Kosturjak <kost () linux hr>
Date: Wed, 04 May 2011 15:22:48 +0200

On 05/03/2011 12:32 AM, Gorjan Petrovski wrote:

I've been somewhat busy this weekend, and the result is a
backorifice-brute script that utilizes the brute library to guess
passwords against the BackOrifice service. The backorifice class
contains the basic functions for encryption and a try_password
function which sends an encrypted PING packet to the service and
checks whether the response is correct. This script is nearly
finished, since some things are still unclear to me:


congrats on the nice script & work.

Cracking BO password should be actually doable by really brute forcing
it. I remember I was doing it for fakebo long time ago. Take a look for
ideas at:
from line 1022 (it's time when GCC did not have proper optimization so
you had to use lot of if()s)

Regarding what info script should display, IMHO it should display only
basics: version info and eventual password as anyway I would take real
client and connect for any further work. I only see usefulness of
extracting bunch of data if that data would be stored in Nmap registry
and reused by some other scripts. Again, it's my personal opinion and
doesn't mean that it is correct...

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]