From b841ee37b7406f5f23ac9d773724d85131ed5c74 Mon Sep 17 00:00:00 2001 From: tomsellers Date: Tue, 13 Sep 2011 01:44:30 +0000 Subject: [PATCH] a couple more adjustments to account status handling in brute scripts. Revert wording in oracle-brute.nse, add support for new category in ldap-brute.nse and reflect new wording in examples in afp-brute.nse --- scripts/afp-brute.nse | 2 +- scripts/ldap-brute.nse | 12 +++++++++--- scripts/oracle-brute.nse | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/scripts/afp-brute.nse b/scripts/afp-brute.nse index f3291f87f..a1f09a6ca 100644 --- a/scripts/afp-brute.nse +++ b/scripts/afp-brute.nse @@ -10,7 +10,7 @@ Performs password guessing against Apple Filing Protocol (AFP). -- PORT STATE SERVICE -- 548/tcp open afp -- | afp-brute: --- |_ admin:KenSentMe => Login Correct +-- |_ admin:KenSentMe => Valid credentials -- Information on AFP implementations -- diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse index 227d0febb..94e97ab8d 100644 --- a/scripts/ldap-brute.nse +++ b/scripts/ldap-brute.nse @@ -28,7 +28,13 @@ This script uses some AD-specific support and optimizations: -- @output -- 389/tcp open ldap -- | ldap-brute: --- |_ ldaptest:ldaptest => Login Correct +-- |_ ldaptest:ldaptest => Valid credentials +-- | restrict.ws:restricted1 => Valid credentials, account cannot log in from current host +-- | restrict.time:restricted1 => Valid credentials, account cannot log in at current time +-- | valid.user:valid1 => Valid credentials +-- | expired.user:expired1 => Valid credentials, account expired +-- | disabled.user:disabled1 => Valid credentials, account disabled +-- |_ must.change:need2change => Valid credentials, password must be changed at next logon -- -- @args ldap.base If set, the script will use it as a base for the password -- guessing attempts. If both ldap.base and ldap.upnsuffix are unset the user @@ -217,7 +223,7 @@ action = function( host, port ) if not status and response:match("AcceptSecurityContext error, data 775,") then table.insert( valid_accounts, string.format("%s => Valid credentials, account locked", fq_username ) ) stdnse.print_verbose(2, string.format(" ldap-brute: %s => Valid credentials, account locked", fq_username )) - credTable:add(fq_username,password, creds.State.LOCKED) + credTable:add(fq_username,password, creds.State.LOCKED_VALID) break end @@ -225,7 +231,7 @@ action = function( host, port ) if not status and response:match("AcceptSecurityContext error, data 533,") then table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "" ) ) stdnse.print_verbose(2, string.format(" ldap-brute: %s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "" )) - credTable:add(fq_username,password, creds.State.DISABLED) + credTable:add(fq_username,password, creds.State.DISABLED_VALID) break end diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse index ad1c4dd92..1b4331cad 100644 --- a/scripts/oracle-brute.nse +++ b/scripts/oracle-brute.nse @@ -27,7 +27,7 @@ result in a large number of accounts being locked out on the database server. -- 1521/tcp open oracle syn-ack -- | oracle-brute: -- | Accounts --- | system:powell => Valid credentials, account locked +-- | system:powell => Account locked -- | haxxor:haxxor => Valid credentials -- | Statistics -- |_ Perfomed 157 guesses in 8 seconds, average tps: 19