Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: http-barracuda-dir-traversal.nse
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 9 Jun 2011 11:11:05 +0300

I understood we had a user credential database for scripts to record
the passwords they find. It was created, so brute scripts would not
need to duplicate that functionality. Has the credential database been
applied to trunk, or is it still being discussed?

On Wed, Jun 8, 2011 at 7:50 PM, Michael Lubinski
<michael.lubinski () gmail com> wrote:
Worth referring to an old link about this topic;
http://seclists.org/fulldisclosure/2010/Oct/11<http://seclists.org/fulldisclosure/2010/Oct/119>
9 <http://seclists.org/fulldisclosure/2010/Oct/119>

I would say still relevant though, Ive seen barracuda passwords match the
domain admin password in the past.

On Wed, Jun 8, 2011 at 11:01 AM, Gutek <ange.gutek () gmail com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 08/06/2011 06:00, Brendan Coles a écrit :
There's tonnes of information available in the
Barracuda config files, including plaintext passwords for all mail
accounts.
The configuration files often contain hundreds (if not thousands) of user
accounts so I've left this information out for now.

(script not tested yet)
So, maybe it would be useful to report if such accounts are present, and
how many ? that way the nmap user would be aware of this critical info
and could investigate further.

Thanks for this script,

A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEUEARECAAYFAk3vnOwACgkQ3aDTTO0ha7ivDgCfX2ej9Ux/IKZF8aMRB9AT8RYp
HAMAljTDsfhww+AiXnJ3XcxBRKsDlOI=
=jnfg
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]