Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE] metasploit-msgrpc-brute
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 29 Jun 2012 10:53:07 +0200

Hi all,

as was requested, I've written a new brute script for Metasploit's
rpc service.
The script has a encode function which "emulates" the way msgpack
packs data. Packed data is sent to the service in a form of POST request.



description = [[
Performs brute force username and password guessing against
Metasploit msgrpc interface.

]]

---
-- @usage
-- nmap --script metasploit-msgrpc-brute -p 55553 <host>
--
-- This script uses brute library to perform password
-- guessing agains Metasploit's msgrpc interface.
-- 
--
-- @output
-- PORT      STATE SERVICE REASON
-- 55553/tcp open  unknown syn-ack
-- | metasploit-msgrpc-brute:
-- |   Accounts
-- |     root:root - Valid credentials
-- |   Statistics
-- |_    Performed 10 guesses in 10 seconds, average tps: 1


Check the script , and tell me what you think.
If everything is fine, I'll move it to the trunk tomorrow.

Aleksandar

Attachment: metasploit-msgrpc-brute.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]