Remove explicit timelimit checking from ms-sql-brute, pgsql-brute,
mysql-brute, ldap-brute, and afp-brute. The unpwdb library does this automatically now.
@@ -43,9 +43,7 @@ portrule = shortport.port_or_service(548, "afp")
|
|||||||
|
|
||||||
action = function( host, port )
|
action = function( host, port )
|
||||||
|
|
||||||
local max_time = unpwdb.timelimit() ~= nil and unpwdb.timelimit() * 1000 or -1
|
local result, response, status = {}, nil, nil
|
||||||
local clock_start = nmap.clock_ms()
|
|
||||||
local result, response, status, aborted = {}, nil, nil, false
|
|
||||||
local valid_accounts, found_users = {}, {}
|
local valid_accounts, found_users = {}, {}
|
||||||
local helper
|
local helper
|
||||||
|
|
||||||
@@ -58,10 +56,6 @@ action = function( host, port )
|
|||||||
for password in passwords do
|
for password in passwords do
|
||||||
for username in usernames do
|
for username in usernames do
|
||||||
if ( not(found_users[username]) ) then
|
if ( not(found_users[username]) ) then
|
||||||
if max_time>0 and nmap.clock_ms() - clock_start > max_time then
|
|
||||||
aborted=true
|
|
||||||
break
|
|
||||||
end
|
|
||||||
|
|
||||||
helper = afp.Helper:new()
|
helper = afp.Helper:new()
|
||||||
status, response = helper:OpenSession( host, port )
|
status, response = helper:OpenSession( host, port )
|
||||||
@@ -102,11 +96,7 @@ action = function( host, port )
|
|||||||
end
|
end
|
||||||
|
|
||||||
local output = stdnse.format_output(true, valid_accounts)
|
local output = stdnse.format_output(true, valid_accounts)
|
||||||
|
|
||||||
if max_time > 0 and aborted then
|
|
||||||
output = ( output or "" ) .. string.format(" \n\nscript aborted execution after %d seconds", max_time/1000 )
|
|
||||||
end
|
|
||||||
|
|
||||||
return output
|
return output
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|||||||
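Review bot: With the last hunk (`@@ -102,11 +96,7 @@`) dropping the "script aborted execution after %d seconds" line, the report no longer says that the credential lists were cut short, so a run that hit the time limit reads the same as one that tried every pair and found nothing. The same notice is removed from ldap-brute, ms-sql-brute, mysql-brute and pgsql-brute in this commit. Whether unpwdb reports the cut-off itself is not visible here; if it does so only at debug level, the scripts should still surface it in normal output, because someone auditing for weak passwords needs to know that coverage was partial. A comment above the loops such as `-- unpwdb iterators stop on their own once the time limit is reached` would also explain why no check appears here. The body of action continues outside the hunks.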
@@ -116,9 +116,7 @@ action = function( host, port )
|
|||||||
local result, response, status, context, valid_accounts = {}, nil, nil, nil, {}
|
local result, response, status, context, valid_accounts = {}, nil, nil, nil, {}
|
||||||
local usernames, passwords, username, password, fq_username
|
local usernames, passwords, username, password, fq_username
|
||||||
local user_cnt, invalid_account_cnt, tot_tries = 0, 0, 0
|
local user_cnt, invalid_account_cnt, tot_tries = 0, 0, 0
|
||||||
local aborted
|
|
||||||
|
|
||||||
local max_time = unpwdb.timelimit() ~= nil and unpwdb.timelimit() * 1000 or -1
|
|
||||||
local clock_start = nmap.clock_ms()
|
local clock_start = nmap.clock_ms()
|
||||||
|
|
||||||
local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 )
|
local ldap_anonymous_bind = string.char( 0x30, 0x0c, 0x02, 0x01, 0x01, 0x60, 0x07, 0x02, 0x01, 0x03, 0x04, 0x00, 0x80, 0x00 )
|
||||||
@@ -158,11 +156,6 @@ action = function( host, port )
|
|||||||
end
|
end
|
||||||
|
|
||||||
for username in usernames do
|
for username in usernames do
|
||||||
-- is the aborted flag set
|
|
||||||
if ( aborted ) then
|
|
||||||
break
|
|
||||||
end
|
|
||||||
|
|
||||||
-- if a base DN was set append our username (CN) to the base
|
-- if a base DN was set append our username (CN) to the base
|
||||||
if base_dn then
|
if base_dn then
|
||||||
fq_username = ("cn=%s,%s"):format(username, base_dn)
|
fq_username = ("cn=%s,%s"):format(username, base_dn)
|
||||||
@@ -171,13 +164,6 @@ action = function( host, port )
|
|||||||
end
|
end
|
||||||
user_cnt = user_cnt + 1
|
user_cnt = user_cnt + 1
|
||||||
for password in passwords do
|
for password in passwords do
|
||||||
|
|
||||||
-- Should we abort?
|
|
||||||
if max_time>0 and nmap.clock_ms() - clock_start > max_time then
|
|
||||||
aborted=true
|
|
||||||
break
|
|
||||||
end
|
|
||||||
|
|
||||||
tot_tries = tot_tries + 1
|
tot_tries = tot_tries + 1
|
||||||
|
|
||||||
-- handle special case where we want to guess the username as password
|
-- handle special case where we want to guess the username as password
|
||||||
@@ -246,10 +232,6 @@ action = function( host, port )
|
|||||||
|
|
||||||
local output = stdnse.format_output(true, valid_accounts) or ""
|
local output = stdnse.format_output(true, valid_accounts) or ""
|
||||||
|
|
||||||
if ( max_time > 0 and aborted ) then
|
|
||||||
output = output .. string.format(" \n\nNOTE: script aborted execution after %d seconds", max_time/1000 )
|
|
||||||
end
|
|
||||||
|
|
||||||
return output
|
return output
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|||||||
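Review bot: `local clock_start = nmap.clock_ms()` stays on the new side of the first hunk (`@@ -116,9 +116,7 @@`) although its only visible reader, the per-password check `nmap.clock_ms() - clock_start > max_time`, is removed in `@@ -171,13 +164,6 @@`. If nothing outside the hunks uses it, drop the line together with `max_time` and `aborted`; the ms-sql, mysql and pgsql sections of this commit do remove it. The function body runs beyond the hunks, so a remaining use cannot be ruled out from here.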
@@ -30,12 +30,10 @@ portrule = shortport.port_or_service(1433, "ms-sql-s")
|
|||||||
|
|
||||||
action = function( host, port )
|
action = function( host, port )
|
||||||
|
|
||||||
local result, response, status, aborted = {}, nil, nil, false
|
local result, response, status = {}, nil, nil
|
||||||
local valid_accounts = {}
|
local valid_accounts = {}
|
||||||
local usernames, passwords
|
local usernames, passwords
|
||||||
local username, password
|
local username, password
|
||||||
local max_time = unpwdb.timelimit() ~= nil and unpwdb.timelimit() * 1000 or -1
|
|
||||||
local clock_start = nmap.clock_ms()
|
|
||||||
local helper = mssql.Helper:new()
|
local helper = mssql.Helper:new()
|
||||||
|
|
||||||
status, usernames = unpwdb.usernames()
|
status, usernames = unpwdb.usernames()
|
||||||
@@ -49,11 +47,6 @@ action = function( host, port )
|
|||||||
|
|
||||||
for username in usernames do
|
for username in usernames do
|
||||||
for password in passwords do
|
for password in passwords do
|
||||||
|
|
||||||
if max_time>0 and nmap.clock_ms() - clock_start > max_time then
|
|
||||||
aborted=true
|
|
||||||
break
|
|
||||||
end
|
|
||||||
|
|
||||||
status, result = helper:Connect(host, port)
|
status, result = helper:Connect(host, port)
|
||||||
if( not(status) ) then
|
if( not(status) ) then
|
||||||
@@ -85,9 +78,5 @@ action = function( host, port )
|
|||||||
|
|
||||||
local output = stdnse.format_output(true, valid_accounts)
|
local output = stdnse.format_output(true, valid_accounts)
|
||||||
|
|
||||||
if max_time > 0 and aborted then
|
|
||||||
output = output .. string.format(" \n\nscript aborted execution after %d seconds", max_time/1000 )
|
|
||||||
end
|
|
||||||
|
|
||||||
return output
|
return output
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -39,12 +39,10 @@ action = function( host, port )
|
|||||||
local socket = nmap.new_socket()
|
local socket = nmap.new_socket()
|
||||||
local catch = function() socket:close() end
|
local catch = function() socket:close() end
|
||||||
local try = nmap.new_try(catch)
|
local try = nmap.new_try(catch)
|
||||||
local result, response, status, aborted = {}, nil, nil, false
|
local result, response, status = {}, nil, nil
|
||||||
local valid_accounts = {}
|
local valid_accounts = {}
|
||||||
local usernames, passwords
|
local usernames, passwords
|
||||||
local username, password
|
local username, password
|
||||||
local max_time = unpwdb.timelimit() ~= nil and unpwdb.timelimit() * 1000 or -1
|
|
||||||
local clock_start = nmap.clock_ms()
|
|
||||||
|
|
||||||
-- set a reasonable timeout value
|
-- set a reasonable timeout value
|
||||||
socket:set_timeout(5000)
|
socket:set_timeout(5000)
|
||||||
@@ -55,11 +53,6 @@ action = function( host, port )
|
|||||||
for username in usernames do
|
for username in usernames do
|
||||||
for password in passwords do
|
for password in passwords do
|
||||||
|
|
||||||
if max_time>0 and nmap.clock_ms() - clock_start > max_time then
|
|
||||||
aborted=true
|
|
||||||
break
|
|
||||||
end
|
|
||||||
|
|
||||||
try( socket:connect(host.ip, port.number, "tcp") )
|
try( socket:connect(host.ip, port.number, "tcp") )
|
||||||
response = try( mysql.receiveGreeting( socket ) )
|
response = try( mysql.receiveGreeting( socket ) )
|
||||||
|
|
||||||
@@ -85,10 +78,6 @@ action = function( host, port )
|
|||||||
|
|
||||||
local output = stdnse.format_output(true, valid_accounts)
|
local output = stdnse.format_output(true, valid_accounts)
|
||||||
|
|
||||||
if max_time > 0 and aborted then
|
|
||||||
output = output .. string.format(" \n\nscript aborted execution after %d seconds", max_time/1000 )
|
|
||||||
end
|
|
||||||
|
|
||||||
return output
|
return output
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|||||||
@@ -76,9 +76,7 @@ end
|
|||||||
action = function( host, port )
|
action = function( host, port )
|
||||||
|
|
||||||
local status, response, ssl_enable, output
|
local status, response, ssl_enable, output
|
||||||
local max_time = unpwdb.timelimit() ~= nil and unpwdb.timelimit() * 1000 or -1
|
local result, response, status, nossl = {}, nil, nil, false
|
||||||
local clock_start = nmap.clock_ms()
|
|
||||||
local result, response, status, aborted, nossl = {}, nil, nil, false, false
|
|
||||||
local valid_accounts = {}
|
local valid_accounts = {}
|
||||||
local pg
|
local pg
|
||||||
|
|
||||||
@@ -110,11 +108,6 @@ action = function( host, port )
|
|||||||
for username in usernames do
|
for username in usernames do
|
||||||
ssl_enable = not(nossl)
|
ssl_enable = not(nossl)
|
||||||
for password in passwords do
|
for password in passwords do
|
||||||
if max_time>0 and nmap.clock_ms() - clock_start > max_time then
|
|
||||||
aborted=true
|
|
||||||
break
|
|
||||||
end
|
|
||||||
|
|
||||||
stdnse.print_debug( string.format("Trying %s/%s ...", username, password ) )
|
stdnse.print_debug( string.format("Trying %s/%s ...", username, password ) )
|
||||||
socket = connectSocket( host, port, ssl_enable )
|
socket = connectSocket( host, port, ssl_enable )
|
||||||
status, response = pg.sendStartup(socket, username, username)
|
status, response = pg.sendStartup(socket, username, username)
|
||||||
@@ -169,10 +162,7 @@ action = function( host, port )
|
|||||||
end
|
end
|
||||||
|
|
||||||
output = stdnse.format_output(true, valid_accounts)
|
output = stdnse.format_output(true, valid_accounts)
|
||||||
if max_time > 0 and aborted then
|
|
||||||
output = output .. string.format(" \n\nscript aborted execution after %d seconds", max_time/1000 )
|
|
||||||
end
|
|
||||||
|
|
||||||
return output
|
return output
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|||||||
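Review bot: `response` and `status` are declared twice at the top of action in the first hunk (`@@ -76,9 +76,7 @@`): once in `local status, response, ssl_enable, output` and again in the rewritten `local result, response, status, nossl = {}, nil, nil, false`, so the second pair shadows the first. Since that line is being rewritten anyway, it could become `local result, nossl = {}, false`, which leaves both names nil as before. Separately, the context line `stdnse.print_debug( string.format("Trying %s/%s ...", username, password ) )` writes every password tried, including one that succeeds, into debug output; a comment there noting that debug logs from this script hold credentials and need the same handling as the results would help. The function body continues outside the hunks.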