Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] metasploit-msgrpc-brute
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 29 Jun 2012 23:03:56 +0200

On Fri, Jun 29, 2012 at 10:43 PM, HD Moore <hdm () digitaloffense net> wrote:

Hi Patrik,

We added a minimum delay for repeated authentication attempts to this
protocol a few months ago. The 55553 service is normally plain TCP, but the
commercial products use 50505 (localhost, plain TCP) proxied over 3790 SSL
via the /api URL. The caveat for the commercial products is that
user-created passwords are validated for some basic complexity requirements
(no repeating characters, repetition of the username, super common words,
etc). Neither interface has default usernames or passwords.

HTH,

-HD





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Thanks for the information, much appreciated!

//Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault