Re: [NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 11 Nov 2011 19:27:29 +0100
On Fri, Nov 11, 2011 at 6:54 AM, Patrik Karlsson <patrik () cqure net> wrote:
On Thu, Nov 10, 2011 at 11:49 PM, Vlatko Kosturjak <kost () linux hr> wrote:
On Thu, Nov 10, 2011 at 11:25:53PM +0100, Patrik Karlsson wrote:
I've tested, modified and committed two scripts so far.
I experienced the same problem with the openvas-otp-brute script that I
If you let it run for a while, it will fail due to "To many retries,
These are the scripts and changes I committed:
* metasploit-xmlrpc-brute (r27059)
- Guess password only, the username is always msf
Usage: msfrpcd <options>
-P <opt> Specify the password to access msfrpcd
-S Disable SSL on the RPC socket
-U <opt> Specify the username to access msfrpcd
Hope it helps,
Vlatko Kosturjak - KoSt
Thanks for the catch, and sorry about that. I've re-enabled username
support in r27060.
The attached patch contains some cleanup of the nexpose-brute script.
Before I commit it, though, I wanted to get some opinions from the list
with regard to account lockout.
In general I haven't bothered too much with account lockout before, but
Nexpose locks accounts after 4 incorrect attempts by default. In the
community edition I have been testing it against, I can't get back in
without restarting the as the only account I have gets locked. So, my
question is, do we need to address this in some way, limiting the number of
tries to 3 per account and allowing the user to force more attempts through
a script argument?
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/