Nmap Development mailing list archives

Re: [NSE] New script krb5-enum-users
From: Duarte Silva <duarte.silva () serializing me>
Date: Sun, 23 Oct 2011 14:18:08 +0100

Hi,

that's strange, I only did a "svn diff". Next time I will test it before :P

Regards,
Duarte Silva

On Saturday 22 October 2011 20:01:46 Patrik Karlsson wrote:
Thanks Duarte,

For some reason the patch failed to apply, so I went over each file and
did the changes myself. It's committed as r26923.

Cheers,
Patrik

Den 10/22/11 8:36 PM skrev Duarte Silva <duarte.silva () serializing me>:
Hi,

the required patch for the user enumeration scripts' categories follows as an
attachment. Note that I made an additional change to krb5-enum-users.nse:
changed it from safe to intrusive, if that is ok with y'all.

Best regards,
Duarte Silva

On Saturday 22 October 2011 19:05:32 David Fifield wrote:
On Sat, Oct 22, 2011 at 03:41:01PM +0200, Patrik Karlsson wrote:
Den 10/22/11 12:54 PM skrev Duarte Silva <duarte.silva () serializing me>:
Hi,

after looking at Patrik's new Kerberos user enumeration script, it got me
tinkering about the categories of user enumeration scripts. After some
grep'ing I got the following categories (I may have missed some?).

domino-enum-users.nse:categories = {"intrusive", "auth"}
http-userdir-enum.nse:categories = {"discovery", "intrusive"}
krb5-enum-users.nse:categories = {"auth", "discovery", "safe"}
mysql-users.nse:categories = {"discovery", "intrusive"}
ncp-enum-users.nse:categories = {"discovery", "safe"}
oracle-enum-users.nse:categories = {"intrusive", "auth"}
sip-enum-users.nse:categories = {"intrusive", "auth"}
smb-enum-users.nse:categories = {"discovery","intrusive"}
smtp-enum-users.nse:categories = {"discovery","external","intrusive"}
snmp-win32-users.nse:categories = {"default", "discovery", "safe"}
http-wordpress-enum.nse:categories = {"discovery", "auth", "intrusive", "vuln"}

Taking into account the NSE categories descriptions [1], with the
exception of snmp-win32-users.nse and ncp-enum-users.nse, all the scripts
should, in my opinion, be considered intrusive since they will brute force
the user names.

The discovery category would be removed from all of them since we aren't
"discover(ing) more about the network by querying public registries".

All of them would be in the auth category. Any thoughts? Ideas?

I think this sounds reasonable (removing discovery and adding auth).
Unless anyone strongly objects feel free to send me a patch and I will
apply it.

It sounds good to me too.

David Fifield

Index: http-userdir-enum.nse
===================================================================
--- http-userdir-enum.nse       (revision 26922)
+++ http-userdir-enum.nse       (working copy)
@@ -1,6 +1,6 @@

author = "jah"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"discovery", "intrusive"}
+categories = {"auth", "intrusive"}

description = [[
Attempts to enumerate valid usernames on web servers running with the

mod_userdir

module or similar enabled.
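Review bot: every context line in this hunk has lost its leading space (`author = "jah"`, `license = ...` and the `description = [[` block sit at column 0, each followed by a spurious blank line, and the description sentence is wrapped across `mod_userdir` / `module or similar enabled.`), so `patch` cannot match the context against the file, which is consistent with the apply failure reported further up the thread. Regenerate the `svn diff` and send it with whitespace intact, and run `patch --dry-run` against a clean checkout before posting. The substantive change, `-categories = {"discovery", "intrusive"}` to `+categories = {"auth", "intrusive"}`, matches what was agreed.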

Index: mysql-users.nse
===================================================================
--- mysql-users.nse     (revision 26922)
+++ mysql-users.nse     (working copy)
@@ -25,7 +25,7 @@

author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"discovery", "intrusive"}
+categories = {"auth", "intrusive"}

require 'shortport'
require 'stdnse'

Index: http-wordpress-enum.nse
===================================================================
--- http-wordpress-enum.nse     (revision 26922)
+++ http-wordpress-enum.nse     (working copy)
@@ -29,7 +29,7 @@

author = "Paulino Calderon"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"discovery", "auth", "intrusive", "vuln"}
+categories = {"auth", "intrusive", "vuln"}

require "shortport"
require "http"

Index: krb5-enum-users.nse
===================================================================
--- krb5-enum-users.nse (revision 26922)
+++ krb5-enum-users.nse (working copy)
@@ -35,7 +35,7 @@

author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"auth", "discovery", "safe"}
+categories = {"auth", "intrusive"}

require 'shortport'
require 'stdnse'
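Review bot: this hunk goes beyond the agreed discovery-to-auth swap: `-categories = {"auth", "discovery", "safe"}` becomes `+categories = {"auth", "intrusive"}`, so the script also leaves the safe category and joins intrusive. That follows from the argument that it brute-forces usernames, but it changes which category selections (for example `--script safe`) pick the script up, so it should be stated explicitly in the commit message, and the script's own description should be checked so it no longer presents the probing as safe.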

@@ -393,4 +393,4 @@

               result = { name = "Discovered Kerberos principals",

result }

       end
       return stdnse.format_output(true, result)

-end
\ No newline at end of file
+end
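Review bot: the only change in this hunk is adding the missing trailing newline after the final `end` (`\ No newline at end of file`), which is unrelated to the category change; either call it out in the commit message or leave it out so the patch stays a pure category fix. The context line `result = { name = "Discovered Kerberos principals",` is also wrapped across two lines in the posted copy, another reason this context will not apply cleanly as-is.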
Index: snmp-win32-users.nse
===================================================================
--- snmp-win32-users.nse        (revision 26922)
+++ snmp-win32-users.nse        (working copy)
@@ -18,7 +18,7 @@

author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"default", "discovery", "safe"}
+categories = {"default", "auth", "safe"}

dependencies = {"snmp-brute"}

-- Version 0.3
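Review bot: the file carries a `-- Version 0.3` changelog comment directly below the `dependencies` line, but the hunk changes the categories without a corresponding entry; add a changelog line recording the discovery-to-auth change. Keeping `"safe"` in `+categories = {"default", "auth", "safe"}` is consistent with the exception the thread makes for snmp-win32-users.nse, and `"default"` is correctly retained.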

Index: smtp-enum-users.nse
===================================================================
--- smtp-enum-users.nse (revision 26922)
+++ smtp-enum-users.nse (working copy)
@@ -42,7 +42,7 @@

author = "Duarte Silva <duarte.silva () serializing me>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"discovery","external","intrusive"}
+categories = {"auth","external","intrusive"}

require "shortport"
require "stdnse"

Index: ncp-enum-users.nse
===================================================================
--- ncp-enum-users.nse  (revision 26922)
+++ ncp-enum-users.nse  (working copy)
@@ -24,7 +24,7 @@

author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"discovery", "safe"}
+categories = {"auth", "safe"}

require 'shortport'
require 'ncp'

Index: smb-enum-users.nse
===================================================================
--- smb-enum-users.nse  (revision 26922)
+++ smb-enum-users.nse  (working copy)
@@ -135,7 +135,7 @@

author = "Ron Bowes"
copyright = "Ron Bowes"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

-categories = {"discovery","intrusive"}
+categories = {"auth","intrusive"}

dependencies = {"smb-brute"}

require 'msrpc'
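The category audit that Duarte Silva describes in the quoted message (grep the `categories` line of each user-enumeration script, then check it against the agreed rule) can be scripted so it is repeatable. The following is an added example written for this page, not code from the thread or from the Nmap project. It creates a few constructed sample `.nse` files that contain only a header line, parses their category list, and reports three things: a script still in "discovery", a script missing "auth", and a script still marked "safe" that is not on an exemption list of scripts known not to brute-force names (the list passed as the second argument is an assumption mirroring the thread's two exceptions).

```shell
#!/bin/sh
# Added example, not code from the thread or from the Nmap project: audit the
# "categories" line of NSE script headers against the rule agreed in the thread.
# The .nse files created below are constructed stand-ins holding only a header
# line; they are not the real Nmap scripts.

# Write constructed sample headers into directory $1.
make_samples() {
  mkdir -p "$1"
  printf 'categories = {"auth", "discovery", "safe"}\n' > "$1/krb5-enum-users.nse"
  printf 'categories = {"discovery","intrusive"}\n'      > "$1/smb-enum-users.nse"
  printf 'categories = {"default", "auth", "safe"}\n'    > "$1/snmp-win32-users.nse"
  printf 'categories = {"auth", "intrusive"}\n'          > "$1/mysql-users.nse"
}

# Print the categories of script $1 as a comma-separated list, e.g.
# auth,discovery,safe; tolerates the spacing variants seen in the thread.
script_categories() {
  sed -n 's/^categories[[:space:]]*=[[:space:]]*{\([^}]*\)}.*/\1/p' "$1" | tr -d '" '
}

# Succeed if the comma-separated list $1 contains category $2.
has_category() {
  case ",$1," in
    *",$2,"*) return 0 ;;
    *)        return 1 ;;
  esac
}

# Print one line per rule violation for every .nse file in directory $1.
# $2 is a space-separated list of scripts that do not brute-force names and
# may therefore keep "safe" (the thread's exceptions; an assumed input here).
audit_categories() {
  dir=$1
  exempt=${2:-}
  for f in "$dir"/*.nse; do
    name=$(basename "$f")
    cats=$(script_categories "$f")
    if has_category "$cats" discovery; then
      echo "$name: drop discovery [$cats]"
    fi
    if ! has_category "$cats" auth; then
      echo "$name: add auth [$cats]"
    fi
    if has_category "$cats" safe; then
      case " $exempt " in
        *" $name "*) ;;   # known not to brute-force: safe is acceptable
        *) echo "$name: brute-forces names, replace safe with intrusive [$cats]" ;;
      esac
    fi
  done
}

# Stand-alone demonstration on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
audit_categories "$tmp" "snmp-win32-users.nse ncp-enum-users.nse"
rm -rf "$tmp"
```

On the constructed samples this reports two findings for krb5-enum-users.nse (drop discovery, safe to intrusive) and two for smb-enum-users.nse (drop discovery, add auth), while snmp-win32-users.nse is left alone because it is exempt and mysql-users.nse already matches the rule. To audit a real scripts directory, call `audit_categories` with that directory and whatever exemption list the reviewers agree on; the parser only reads the `categories = {...}` line, so scripts whose header spans several lines would need the sed pattern extended.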


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
