Nmap Development mailing list archives

Re: [NSE] How brute scripts and UN/PW scripts interact with creds
From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 25 Dec 2011 22:33:56 +0100

On Sat, Dec 24, 2011 at 4:04 AM, Brendan Byrd <sineswiper () gmail com> wrote:

> While looking into scanning a large batch of hosts with different SNMP
> community strings, I seem to be faced with a potential problem with just
> how NSE scripts treat UN/PWs in general.  We have creds, a library for
> storing UN/PWs for various hosts, but it doesn't appear to be long-term,
> and there is not a lot of interaction between it and other scripts.
> Currently, creds doesn't have a "saveToFile" function, so I created one.


I'm guessing by long-term you mean that they are not stored once Nmap
finishes?
As for script interaction, the library was added not that long ago and all
scripts that make use of the brute library implicitly use it.
But there is some work left migrating old brute scripts to the brute
framework and adding the creds library to those that could use it. As for
the saveToFile function, there was one added by Tom Sellers on 2011/09/04, but it
doesn't appear in the nsedoc due to a formatting issue.



> However, now we run into the issue of wasted cycles trying to load a
> growing creds file against thousands of script sessions.  Every single
> instance of snmp-brute would be reading the whole file and then writing the
> whole file.  If there is an nmap.registry.creds check, then we at least
> don't have to read the file more than once, but when do we write to it?  At
> the end of each instance?  Is there a function that could be added to the
> library to write the file on Nmap exit?


Scripts with a postrule run after Nmap has scanned all of its targets. For
more information check:
http://nmap.org/book/nse-usage.html



> There's also the matter of database size.  Is the Lua code fast enough to
> look through, say, 10K hosts in a Lua table among thousands of script
> checks?  If not, then some sort of mini-database format, or maybe a better
> type of lookup, would need to be created.


Just to get a better understanding, could you provide me with a use case
here?



> And finally, adoption of creds within the scripts, both brute crackers for
> writing UN/PW, and version scanning / querying scripts for reading them.  I
> don't see it used often enough.


Like I mentioned earlier, the brute library already uses the creds library,
as for the other scripts they still need to be updated.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
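As an added illustration of the postrule approach Patrik points to (example code written for this archive page, not from the thread, from Nmap or from the creds library): a sketch of an NSE script that keeps discovered community strings in nmap.registry during the scan and writes the cache file once, after all targets are done, instead of having every script instance read and rewrite it. The nmap, stdnse and shortport calls and the SCRIPT_NAME/SCRIPT_TYPE globals are the documented NSE API as I know it; probe_community() and the "<ip> <community>" file format are hypothetical.

```lua
-- Added example, not Nmap's own snmp-brute or creds code. Assumes the nmap,
-- stdnse and shortport NSE libraries; probe_community() is a hypothetical
-- stand-in for an SNMP GET with the candidate community string.
local nmap      = require "nmap"
local stdnse    = require "stdnse"
local shortport = require "shortport"

local CACHE_KEY  = "snmp_community_cache"                        -- our slot in nmap.registry
local CACHE_FILE = stdnse.get_script_args(SCRIPT_NAME .. ".file") -- e.g. --script-args <script>.file=path

-- Run once per target with SNMP open, and once more after the whole scan.
portrule = shortport.port_or_service(161, "snmp", "udp")
postrule = function() return nmap.registry[CACHE_KEY] ~= nil end

-- The first instance that needs the file parses it into the registry; later
-- instances reuse the table, so the file is read at most once per scan.
-- (No NSE yield happens between the check and the store, so no double load.)
local function load_cache()
  if nmap.registry[CACHE_KEY] then return nmap.registry[CACHE_KEY] end
  local cache = { found = {}, dirty = false }
  local f = CACHE_FILE and io.open(CACHE_FILE, "r")
  if f then
    for line in f:lines() do  -- constructed format: "<ip> <community>"
      local ip, community = line:match("^(%S+)%s+(%S+)$")
      if ip then cache.found[ip] = community end
    end
    f:close()
  end
  nmap.registry[CACHE_KEY] = cache
  return cache
end

local function probe_community(host, community) return false end  -- hypothetical probe

action = function(host, port)
  local cache = load_cache()
  if SCRIPT_TYPE == "postrule" then
    -- One write for the whole scan, and only if something new was learned.
    if not (cache.dirty and CACHE_FILE) then return end
    local f, n = assert(io.open(CACHE_FILE, "w")), 0
    for ip, community in pairs(cache.found) do f:write(ip, " ", community, "\n"); n = n + 1 end
    f:close()
    return ("wrote %d entries to %s"):format(n, CACHE_FILE)
  end
  local known = cache.found[host.ip]
  if known then return "cached community: " .. known end  -- no probe needed for known hosts
  for _, candidate in ipairs({ "public", "private" }) do  -- constructed wordlist
    if probe_community(host, candidate) then
      cache.found[host.ip], cache.dirty = candidate, true  -- in-memory update, no file I/O here
      return "found community: " .. candidate
    end
  end
end
```

Lookups against cache.found are a Lua hash-table index, so the 10K-host table size raised in the thread costs one table access per instance rather than a scan.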