Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Multi-threaded telnet-brute
From: David Fifield <david () bamsoftware com>
Date: Thu, 15 Aug 2013 00:06:53 -0700

On Wed, Aug 07, 2013 at 01:55:30AM +0000, nnposter () users sourceforge net wrote:
I have put together another revision of telnet-brute.nse with the
objective of utilizing nselib/brute.lua.

Notable features:

- Multi-threaded (thanks to nselib/brute.lua)

- Can automatically reduce number of threads if it senses that the
  target supports less than what brute.lua wants to use. Without this
  feature the script tends to bail out because brute.lua default of 10
  threads is too much for a lot of telnet targets. This saves the user
  the trouble of finding out how much the target can take before
  launching the script.

- Uses connection pooling for sending multiple login attempts across
  the same connection. This significantly improves performance.

- Supports password-only logins.

Thanks, I committed this new revision in r31834.

I would very much appreciate if the community tested the script against
additional target types. If you find the script does not work in your
particular environment then please run it single-threaded (i.e.,
--script-args brute.threads=1) and send me the full nmap output with
debug level 3 (-ddd). Feel free to edit the output to replace the
individual password characters but please do not alter the output

Any constructive feedback is very welcome.

These are the results I saw running against Linux telnetd.

2223/tcp open  telnet  syn-ack Linux telnetd
| telnet-brute:
|   Accounts
|     No valid accounts found
|   Statistics
|     Performed 73 guesses in 114 seconds, average tps: 0
|_ ERROR: Too many retries, aborted ...

David Fifield
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]