Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 11 Nov 2011 06:54:01 +0100

On Thu, Nov 10, 2011 at 11:49 PM, Vlatko Kosturjak <kost () linux hr> wrote:

On Thu, Nov 10, 2011 at 11:25:53PM +0100, Patrik Karlsson wrote:
I've tested, modified and committed two scripts so far.
I experienced the same problem with the openvas-otp-brute script that I
saw
with Nessus.
If you let it run for a while, it will fail due to "To many retries,
aborted ..."
These are the scripts and changes I committed:

* metasploit-xmlrpc-brute (r27059)
- Guess password only, the username is always msf

 ./msfrpcd -h

Usage: msfrpcd <options>

OPTIONS:

   -P <opt>  Specify the password to access msfrpcd
   -S        Disable SSL on the RPC socket
   -U <opt>  Specify the username to access msfrpcd


Hope it helps,
--
Vlatko Kosturjak - KoSt


Thanks for the catch, and sorry about that. I've re-enabled username
support in r27060.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]