mailing list archives
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 29 Jun 2012 10:53:07 +0200
as was requested, I've written a new brute script for Metasploit's
The script has a encode function which "emulates" the way msgpack
packs data. Packed data is sent to the service in a form of POST request.
description = [[
Performs brute force username and password guessing against
Metasploit msgrpc interface.
-- nmap --script metasploit-msgrpc-brute -p 55553 <host>
-- This script uses brute library to perform password
-- guessing agains Metasploit's msgrpc interface.
-- PORT STATE SERVICE REASON
-- 55553/tcp open unknown syn-ack
-- | metasploit-msgrpc-brute:
-- | Accounts
-- | root:root - Valid credentials
-- | Statistics
-- |_ Performed 10 guesses in 10 seconds, average tps: 1
Check the script , and tell me what you think.
If everything is fine, I'll move it to the trunk tomorrow.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
- [NSE] metasploit-msgrpc-brute Aleksandar Nikolic (Jun 29)