PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-03 13:19:04 +00:00
Code Issues Projects Releases Wiki Activity

ldap-brute: Added feedback to -vv output when a valid

Browse Source 
user/password combination is found.
This commit is contained in:
tomsellers
2011-09-03 04:15:28 +00:00
parent 1ef0db4b33
commit 5b512f0914
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/ldap-brute.nse
View File

@@ -172,36 +172,42 @@ action = function( host, port )
-- Account Locked Out
if not status and response:match("AcceptSecurityContext error, data 775,") then
table.insert( valid_accounts, string.format("%s => Account locked out", fq_username ) )
stdnse.print_verbose(2, string.format(" ldap-brute: %s => Account locked out", fq_username ))
break
end
-- Login correct, account disabled
if not status and response:match("AcceptSecurityContext error, data 533,") then
table.insert( valid_accounts, string.format("%s:%s => Login correct, account disabled", fq_username, password:len()>0 and password or "<empty>" ) )
stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, account disabled", fq_username, password:len()>0 and password or "<empty>" ))
break
end
-- Login correct, user must change password
if not status and response:match("AcceptSecurityContext error, data 773,") then
table.insert( valid_accounts, string.format("%s:%s => Login correct, user must change password", fq_username, password:len()>0 and password or "<empty>" ) )
stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user must change password", fq_username, password:len()>0 and password or "<empty>" ))
break
end
-- Login correct, user account expired
if not status and response:match("AcceptSecurityContext error, data 701,") then
table.insert( valid_accounts, string.format("%s:%s => Login correct, user account expired", fq_username, password:len()>0 and password or "<empty>" ) )
stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user account expired", fq_username, password:len()>0 and password or "<empty>" ))
break
end
-- Login correct, user account logon time restricted
if not status and response:match("AcceptSecurityContext error, data 530,") then
table.insert( valid_accounts, string.format("%s:%s => Login correct, user account logon time restricted", fq_username, password:len()>0 and password or "<empty>" ) )
stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user account logon time restricted", fq_username, password:len()>0 and password or "<empty>" ))
break
end
-- Login correct, user account can only log in from certain workstations
if not status and response:match("AcceptSecurityContext error, data 531,") then
table.insert( valid_accounts, string.format("%s:%s => Login correct, user account cannot login from current host", fq_username, password:len()>0 and password or "<empty>" ) )
stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct, user account cannot login from current host", fq_username, password:len()>0 and password or "<empty>" ))
break
end
@@ -210,7 +216,7 @@ action = function( host, port )
status = is_valid_credential( socket, context )
if status then
table.insert( valid_accounts, string.format("%s:%s => Login correct", fq_username, password:len()>0 and password or "<empty>" ) )
stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Login correct", fq_username, password:len()>0 and password or "<empty>" ) )
-- Add credentials for other ldap scripts to use
if nmap.registry.ldapaccounts == nil then
nmap.registry.ldapaccounts = {}