Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] metasploit-msgrpc-brute
From: "HD Moore" <hdm () digitaloffense net>
Date: Fri, 29 Jun 2012 15:43:04 -0500

Hi Patrik,

We added a minimum delay for repeated authentication attempts to this
protocol a few months ago. The 55553 service is normally plain TCP, but the
commercial products use 50505 (localhost, plain TCP) proxied over 3790 SSL
via the /api URL. The caveat for the commercial products is that
user-created passwords are validated for some basic complexity requirements
(no repeating characters, repetition of the username, super common words,
etc). Neither interface has default usernames or passwords.




Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]