Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 10 Nov 2011 10:36:11 +0100

On Thu, Nov 10, 2011 at 08:23:34AM +0100, Patrik Karlsson wrote:
Thanks Kost!

I'll check your scripts out later today!
In regards to Nessus NTP I believe I was seeing that the account could not
be reliably detected in case the dictionary was big and the brute ran with
multiple threads for a while. I'll see if I can find that out for you and
let you know.

Great and Thanks! 

I would like to investigate that behaviour since I did not experience it
with the Perl script and NSE. 

BTW Since you're the NSE master ;) is there any way to force https directly 
from the script when using http.post? That would mitigate the current problem
I mentioned, but not sure if that's the long term solution for this or for 
any other script. 

Vlatko Kosturjak - KoSt
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]