
Nmap Development mailing list archives

Re: ftp brute using brute lib
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Sun, 13 May 2012 17:51:43 +0200

I've made those changes.
See the attached script.

On Sun, May 13, 2012 at 1:15 PM, Patrik Karlsson <patrik () cqure net> wrote:



On Sun, May 13, 2012 at 1:07 PM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:

Hi all,


I needed to get to know the brute lib so I rewrote the ftp bruteforce
script using brute lib. It reuses the same code from ftp-brute.nse
modified to use brute lib.

In my tests it has proven to be a lot faster than the previous version.
For example:
|   Statistics
|_    Performed 510 guesses in 610 seconds, average tps: 0

Check it out, and let me know what I need to improve.

,
Aleksandar

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



Hi Aleksandar,

I had a quick look at it and I would suggest the following:
- Remove the check function in the Driver, it's no longer being used
- Connect the socket in the connect method, otherwise you may end up
having trouble when the maximum open sockets is reached. What happens is
that the brute library has pulled a user + password combination from the
queue when calling login and if the socket blocks at this point (doesn't
move past connect) these credentials (being early in the list) won't be
guessed until the end, when sockets are starting to close.
- Close the socket in the disconnect function, for the same reason as
already mentioned.

You can check out some of the recent brute scripts to see how to do this,
but essentially you create the socket as self.socket = nmap.new_socket()
and it will be accessible in the other methods as self.socket.

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77



Attachment: ftp-brute.nse
Description:
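
The ordering problem described in the review above, as an added Python simulation that is not part of the original thread or of Nmap's brute library. The function and parameter names are hypothetical, and the model assumes a connected worker keeps its socket slot until the credential queue is empty.

```python
from collections import deque

def guess_order(n_creds, workers, max_sockets, dequeue_before_connect):
    """Return credential indices in the order they are actually guessed."""
    queue = deque(range(n_creds))     # index 0 = most likely credential
    held = [None] * workers           # credential each worker has dequeued
    has_slot = [False] * workers      # worker currently owns a socket
    order = []

    def dequeue(need_slot):
        for w in range(workers):
            if held[w] is None and queue and (has_slot[w] or not need_slot):
                held[w] = queue.popleft()

    while queue or any(c is not None for c in held):
        if dequeue_before_connect:
            dequeue(need_slot=False)  # credential taken, socket may still block
        free = max_sockets - sum(has_slot)
        for w in range(workers):
            wants = held[w] is not None if dequeue_before_connect else bool(queue)
            if free and wants and not has_slot[w]:
                has_slot[w] = True
                free -= 1
        if not dequeue_before_connect:
            dequeue(need_slot=True)   # only connected workers take credentials
        for w in range(workers):
            if has_slot[w] and held[w] is not None:
                order.append(held[w])  # one guess per connected worker per round
                held[w] = None
            # Assumption: a socket is closed only when no work is left.
            if has_slot[w] and not queue:
                has_slot[w] = False
    return order

if __name__ == "__main__":
    # Constructed sample: 8 credentials, 4 workers, socket cap of 2.
    print("socket opened in login:  ", guess_order(8, 4, 2, True))
    print("socket opened in connect:", guess_order(8, 4, 2, False))
```

With the socket opened inside login, credentials 2 and 3 sit with blocked workers and are guessed last; with the socket opened in connect, the list is worked through in order.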

