Nmap Development mailing list archives

Re: Valid usernames but no password with Creds library


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 7 Jul 2011 12:47:00 +0200


On Jul 7, 2011, at 9:05 AM, Paulino Calderon wrote:

Hi Patrik,
   I'm updating scripts to use your credentials library and I'm wondering what are your thoughts about adding valid usernames even when we don't have a password. Right now, there is not a way to differentiate when a password is blank and when we don't have one since both show the string "<empty>". How do you guys think we should address this? Or do you think we shouldn't add credentials to the table if we don't have both a username and password?

Ps. I'm ccing this to nmap-dev for future reference.

Cheers.

-- 
Paulino Calderón Pale
Web: http://calderonpale.com
Twitter: http://www.twitter.com/paulinocaIderon



Hi Paulino,

I'm guessing that these valid usernames come from some of the enumeration scripts?
I see the credential library (database) as two things:
1. storage for discovered credentials, that can be used for consistent output in script results (eg. "Account locked" etc.)
2. storage for discovered credentials, that can be queried from other scripts to get known, valid credentials

For case 1, I guess it could make sense to output even discovered user names, in this case we need to find a way to distinguish them from discovered credentials
For me personally, I would probably want them in a separate "section" and not mixed together with discovered credentials.

For case 2, I wouldn't want them mixed with the discovered or parameter supplied credentials.
Here, I think it would probably make sense assigning them their own State, maybe KNOWN_USER/VALID_USER or whatever.
In this case, they can be queried by using the state mask in getCredentials if someone wishes to do that.

I'm guessing a valid use case for 2 could be:
sip-enum-users -> store discovered users to creds library (eg. add("1000",nil, creds.State.KNOWN_USER) )
sip-brute -> gets discovered users (eg. getCredentials(creds.State.KNOWN_USER + creds.State.VALID) )

Does that make sense?

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
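
An added illustration of the scheme discussed in this thread, not code from the original messages or from Nmap's creds library: a toy in-memory store in plain Lua (5.3 or later) where a nil password means "none known", an empty string means "blank", and a state mask keeps enumerated usernames in their own section. The Store table, the render function, the sample accounts and the KNOWN_USER bit value are assumptions made for this example.

```lua
-- Toy store for illustration only; this is not Nmap's creds.lua.
-- Needs Lua 5.3+ for the & and | operators.
local State = {
  VALID = 1,
  LOCKED = 2,
  KNOWN_USER = 4, -- hypothetical state proposed in the thread
}

local Store = {}
Store.__index = Store

function Store.new()
  return setmetatable({ rows = {} }, Store)
end

-- pass == nil: no password known; pass == "": the password is blank.
function Store:add(user, pass, state)
  self.rows[#self.rows + 1] = { user = user, pass = pass, state = state }
end

-- Iterator over rows whose state shares at least one bit with mask.
function Store:getCredentials(mask)
  local i = 0
  return function()
    repeat
      i = i + 1
      local row = self.rows[i]
      if row and (row.state & mask) ~= 0 then return row end
    until not row
  end
end

-- Render the two cases differently instead of printing "<empty>" for both.
local function render(row)
  if row.pass == nil then return row.user .. " (no password known)" end
  if row.pass == "" then return row.user .. ":<empty>" end
  return row.user .. ":" .. row.pass
end

-- Constructed sample data.
local db = Store.new()
db:add("1000", nil, State.KNOWN_USER) -- enumerated username only
db:add("1001", "", State.VALID)       -- valid account, blank password
db:add("1002", "example-pass", State.LOCKED)

print("Credentials:")
for row in db:getCredentials(State.VALID | State.LOCKED) do print("  " .. render(row)) end
print("Known users:")
for row in db:getCredentials(State.KNOWN_USER) do print("  " .. render(row)) end
```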

