Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] metasploit-msgrpc-brute

From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 29 Jun 2012 23:59:36 +0200
Heh, just saw the "to annoy bruteforcers" piece of code an hour ago
while investigating something else.

I will make a test and see how fast this actually is.
Good point on retries Patrik, forgot about that.

As for SSL, http lib handles that too.
Also, fingerprints and version probes should be added soon so that
would handle the ,so to say, non-standard ports.

Thanks all,
Aleksandar

On Fri, Jun 29, 2012 at 11:03 PM, Patrik Karlsson <patrik () cqure net> wrote:

On Fri, Jun 29, 2012 at 10:43 PM, HD Moore <hdm () digitaloffense net> wrote:


Hi Patrik,

We added a minimum delay for repeated authentication attempts to this
protocol a few months ago. The 55553 service is normally plain TCP, but the
commercial products use 50505 (localhost, plain TCP) proxied over 3790 SSL
via the /api URL. The caveat for the commercial products is that
user-created passwords are validated for some basic complexity requirements
(no repeating characters, repetition of the username, super common words,
etc). Neither interface has default usernames or passwords.

HTH,

-HD





_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



Thanks for the information, much appreciated!

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: