diff --git a/nselib/brute.lua b/nselib/brute.lua
index a84e499ff..00ee8cee0 100644
--- a/nselib/brute.lua
+++ b/nselib/brute.lua
@@ -7,9 +7,6 @@
-- the brute.threads argument, it defaults to 10.
--
-- The library contains the following classes:
--- * Account
--- ** Implements a simple account class, that converts account "states" to common text representation.
--- ** The state can be either of the following: OPEN, LOCKED or DISABLED
-- * Engine
-- ** The actual engine doing the brute-forcing .
-- * Error
@@ -31,7 +28,7 @@
--
-- The login method does not need a lot of explanation. The login
-- function should return two parameters. If the login was successful it should
--- return true and an Account. If the login was a failure it
+-- return true and a creds.Account. If the login was a failure it
-- should return false and an Error. The driver can signal the
-- Engine to retry a set of credentials by calling the Error objects
-- setRetry method. It may also signal the Engine to abort all
@@ -106,7 +103,7 @@
-- status, data = self.socket:receive_bytes(1)
--
-- if ( data:match("SUCCESS") ) then
--- return true, brute.Account:new(username, password, "OPEN")
+-- return true, creds.Account:new(username, password, creds.State.VALID)
-- end
-- return false, brute.Error:new( "login failed" )
-- end,
@@ -288,41 +285,6 @@ Options = {
}
-- The account object which is to be reported back from each driver
-Account =
-{
- --- Creates a new instance of the Account class
- --
- -- @param username containing the user's name
- -- @param password containing the user's password
- -- @param state containing the account state and should be one of the
- -- following OPEN, LOCKED,
- -- DISABLED.
- new = function(self, username, password, state)
- local o = { username = username, password = password, state = state }
- setmetatable(o, self)
- self.__index = self
- return o
- end,
-
- --- Converts an account object to a printable script
- --
- -- @return string representation of object
- toString = function( self )
- local c
- if ( #self.username > 0 ) then
- c = ("%s:%s"):format( self.username, #self.password > 0 and self.password or "" )
- else
- c = ("%s"):format( ( self.password and #self.password > 0 ) and self.password or "" )
- end
- if ( creds.StateMsg[self.state] ) then
- return ( "%s - %s"):format(c, creds.StateMsg[self.state] )
- else
- return ("%s"):format(c)
- end
- end,
-
-}
-
-- The Error class, is currently only used to flag for retries
-- It also contains the error message, if one was returned from the driver.
Error =
diff --git a/nselib/creds.lua b/nselib/creds.lua
index e9a595639..089786a7c 100644
--- a/nselib/creds.lua
+++ b/nselib/creds.lua
@@ -235,6 +235,35 @@ RegStorage = {
}
+Account = {
+ --- Creates a new instance of the Account class
+ --
+ -- @param username containing the user's name
+ -- @param password containing the user's password
+ -- @param state A creds.State account state
+ -- @return A new creds.Account object
+ -- @name Account.new
+ new = function(self, username, password, state)
+ local o = { username = username, password = password, state = state }
+ setmetatable(o, self)
+ self.__index = self
+ return o
+ end,
+
+ --- Converts an account object to a printable script
+ --
+ -- @return string representation of object
+ -- @name Account.__tostring
+ __tostring = function( self )
+ return (
+ (self.user and self.user .. ":" or "") ..
+ (self.pass ~= "" and self.pass or "") ..
+ (self.state and " - " .. self.state or "")
+ )
+ end,
+}
+
+
-- The credentials class
Credentials = {
diff --git a/scripts/ajp-brute.nse b/scripts/ajp-brute.nse
index adf68a319..117368fe7 100644
--- a/scripts/ajp-brute.nse
+++ b/scripts/ajp-brute.nse
@@ -69,7 +69,7 @@ Driver = {
err:setRetry( true )
return false, err
elseif( response.status ~= 401 ) then
- return true, brute.Account:new(user, pass, creds.State.VALID)
+ return true, creds.Account:new(user, pass, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/backorifice-brute.nse b/scripts/backorifice-brute.nse
index 7565cf028..c0c3d36cc 100644
--- a/scripts/backorifice-brute.nse
+++ b/scripts/backorifice-brute.nse
@@ -261,7 +261,7 @@ local Driver =
-- @param username string containing username which is disregarded
-- @param password string containing login password
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function( self, username, password )
local status, msg = self.bo:try_password(password,nil)
if status then
@@ -272,7 +272,7 @@ local Driver =
nmap.registry.credentials['backorifice'] = {}
end
table.insert( nmap.registry.credentials.backorifice, { password = password } )
- return true, brute.Account:new("", password, creds.State.VALID)
+ return true, creds.Account:new("", password, creds.State.VALID)
else
-- The only indication that the password is incorrect is a timeout
local err = brute.Error:new( "Incorrect password" )
diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse
index 9eaf9a8af..d9289ba88 100644
--- a/scripts/cassandra-brute.nse
+++ b/scripts/cassandra-brute.nse
@@ -80,7 +80,7 @@ Driver = {
if (magic == cassandra.LOGINSUCC) then
stdnse.debug3("Account SUCCESS: "..combo)
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
elseif (magic == cassandra.LOGINFAIL) then
stdnse.debug3("Account FAIL: "..combo)
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/cvs-brute-repository.nse b/scripts/cvs-brute-repository.nse
index 3dcb23597..8c8d1a29f 100644
--- a/scripts/cvs-brute-repository.nse
+++ b/scripts/cvs-brute-repository.nse
@@ -1,5 +1,6 @@
local brute = require "brute"
local coroutine = require "coroutine"
+local creds = require "creds"
local cvs = require "cvs"
local io = require "io"
local nmap = require "nmap"
@@ -68,7 +69,7 @@ Driver =
-- script can use them later.
self.host.registry.cvs_repos = self.host.registry.cvs_repos or {}
table.insert(self.host.registry.cvs_repos, password)
- return true, brute.Account:new(username, password, 0)
+ return true, creds.Account:new(username, password, 0)
end
return false, brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/cvs-brute.nse b/scripts/cvs-brute.nse
index 28d304848..6fb5adbd2 100644
--- a/scripts/cvs-brute.nse
+++ b/scripts/cvs-brute.nse
@@ -58,7 +58,7 @@ Driver =
login = function( self, username, password )
local status, err = self.helper:login( self.repo, username, password )
if ( status ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
-- This error seems to indicate that the user does not exist
diff --git a/scripts/domcon-brute.nse b/scripts/domcon-brute.nse
index 213f36547..6793743eb 100644
--- a/scripts/domcon-brute.nse
+++ b/scripts/domcon-brute.nse
@@ -120,7 +120,7 @@ Driver =
-- @param password string containing the login password
-- @return status, true on success, false on failure
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function( self, username, password )
local data = ("#UI %s,%s\n"):format(username,password)
local status
@@ -141,7 +141,7 @@ Driver =
if ( status and data:match("NOT_REG_ADMIN") ) then
not_admins[username] = true
elseif( status and data:match("VALID_USER") ) then
- return true, brute.Account:new( username, password, creds.State.VALID)
+ return true, creds.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/dpap-brute.nse b/scripts/dpap-brute.nse
index e61140eea..1007c493e 100644
--- a/scripts/dpap-brute.nse
+++ b/scripts/dpap-brute.nse
@@ -76,7 +76,7 @@ Driver = {
end
if ( data:match("^HTTP/1.1 200 OK") ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/ftp-brute.nse b/scripts/ftp-brute.nse
index 977c7ff33..6f25e0320 100644
--- a/scripts/ftp-brute.nse
+++ b/scripts/ftp-brute.nse
@@ -85,7 +85,7 @@ Driver = {
stdnse.debug1("Received: %s", line)
if(string.match(line, "^230")) then
stdnse.debug1("Successful login: %s/%s", user, pass)
- return true, brute.Account:new( user, pass, creds.State.VALID)
+ return true, creds.Account:new( user, pass, creds.State.VALID)
elseif(string.match(line, "^530")) then
return false, brute.Error:new( "Incorrect password" )
elseif(string.match(line, "^220")) then
diff --git a/scripts/http-brute.nse b/scripts/http-brute.nse
index 6c5004492..2bfb1d348 100644
--- a/scripts/http-brute.nse
+++ b/scripts/http-brute.nse
@@ -97,7 +97,7 @@ Driver = {
nmap.registry.credentials['http'] = {}
end
table.insert( nmap.registry.credentials.http, { username = username, password = password } )
- return true, brute.Account:new( username, password, creds.State.VALID)
+ return true, creds.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse
index 2496888fb..a15674efb 100644
--- a/scripts/http-form-brute.nse
+++ b/scripts/http-form-brute.nse
@@ -138,7 +138,7 @@ Driver = {
nmap.registry['credentials'] = nmap.registry['credentials'] or {}
nmap.registry.credentials['http'] = nmap.registry.credentials['http'] or {}
table.insert( nmap.registry.credentials.http, { username = username, password = password } )
- return true, brute.Account:new( username, password, creds.State.VALID)
+ return true, creds.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/http-joomla-brute.nse b/scripts/http-joomla-brute.nse
index 6bcf2ede0..6e286fd2b 100644
--- a/scripts/http-joomla-brute.nse
+++ b/scripts/http-joomla-brute.nse
@@ -95,9 +95,7 @@ Driver = {
if response.body and not( response.body:match('name=[\'"]*'..self.options.passvar ) ) then
stdnse.debug2("Response:\n%s", response.body)
- local c = creds.Credentials:new(SCRIPT_NAME, self.host, self.port )
- c:add(username, password, creds.State.VALID )
- return true, brute.Account:new( username, password, "OPEN")
+ return true, creds.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/http-proxy-brute.nse b/scripts/http-proxy-brute.nse
index 1657c73c1..945fe9053 100644
--- a/scripts/http-proxy-brute.nse
+++ b/scripts/http-proxy-brute.nse
@@ -63,7 +63,7 @@ Driver = {
-- if we didn't get a 407 error, assume the credentials
-- were correct. we should probably do some more checks here
if ( response.status ~= 407 ) then
- return true, brute.Account:new( username, password, creds.State.VALID)
+ return true, creds.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/http-wordpress-brute.nse b/scripts/http-wordpress-brute.nse
index b25c4f936..31691fd2d 100644
--- a/scripts/http-wordpress-brute.nse
+++ b/scripts/http-wordpress-brute.nse
@@ -93,7 +93,7 @@ Driver = {
if response.status == 302 then
local c = creds.Credentials:new( SCRIPT_NAME, self.host, self.port )
c:add(username, password, creds.State.VALID )
- return true, brute.Account:new( username, password, "OPEN")
+ return true, creds.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/iax2-brute.nse b/scripts/iax2-brute.nse
index 24ed10bc6..ff52b1cba 100644
--- a/scripts/iax2-brute.nse
+++ b/scripts/iax2-brute.nse
@@ -52,7 +52,7 @@ Driver = {
login = function(self, username, password)
local status, resp = self.helper:regRelease(username, password)
if ( status ) then
- return true, brute.Account:new( username, password, creds.State.VALID )
+ return true, creds.Account:new( username, password, creds.State.VALID )
elseif ( resp == "Release failed" ) then
return false, brute.Error:new( "Incorrect password" )
else
diff --git a/scripts/imap-brute.nse b/scripts/imap-brute.nse
index 65cf35663..2c4f14be4 100644
--- a/scripts/imap-brute.nse
+++ b/scripts/imap-brute.nse
@@ -72,13 +72,13 @@ Driver =
-- @param username string containing the username
-- @param password string containing the password
-- @return status true on success, false on failure
- -- @return brute.Error on failure and brute.Account on success
+ -- @return brute.Error on failure and creds.Account on success
login = function( self, username, password )
local status, err = self.helper:login( username, password, mech )
if ( status ) then
self.helper:close()
self.helper:connect()
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
if ( err:match("^ERROR: Failed to .* data$") ) then
self.helper:close()
diff --git a/scripts/informix-brute.nse b/scripts/informix-brute.nse
index 2b27b92b2..01a16ee2d 100644
--- a/scripts/informix-brute.nse
+++ b/scripts/informix-brute.nse
@@ -73,7 +73,7 @@ Driver =
-- @param password string containing the login password
-- @return status, true on success, false on failure
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function( self, username, password )
local status, data = self.helper:Login( username, password, {} )
@@ -82,10 +82,10 @@ Driver =
nmap.registry['informix-brute'] = {}
end
table.insert( nmap.registry['informix-brute'], { ["username"] = username, ["password"] = password } )
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
-- Check for account locked message
elseif ( data:match("INFORMIXSERVER does not match either DBSERVERNAME or DBSERVERALIASES") ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( data )
diff --git a/scripts/irc-brute.nse b/scripts/irc-brute.nse
index 489c72047..436be1459 100644
--- a/scripts/irc-brute.nse
+++ b/scripts/irc-brute.nse
@@ -80,7 +80,7 @@ Driver = {
until(not(status))
if (success) then
- return true, brute.Account:new("", password, creds.State.VALID)
+ return true, creds.Account:new("", password, creds.State.VALID)
end
return false, brute.Error:new("Incorrect password")
end,
diff --git a/scripts/irc-sasl-brute.nse b/scripts/irc-sasl-brute.nse
index b1579c653..0e0d878da 100644
--- a/scripts/irc-sasl-brute.nse
+++ b/scripts/irc-sasl-brute.nse
@@ -123,7 +123,7 @@ Driver = {
until (not status)
if (success) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new("Incorrect username or password")
end,
diff --git a/scripts/iscsi-brute.nse b/scripts/iscsi-brute.nse
index d3e6a30cf..38f841ffd 100644
--- a/scripts/iscsi-brute.nse
+++ b/scripts/iscsi-brute.nse
@@ -50,7 +50,7 @@ Driver = {
local status = self.helper:login( self.target, username, password, "CHAP")
if ( status ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/membase-brute.nse b/scripts/membase-brute.nse
index 4a4c58238..a5e3ba81d 100644
--- a/scripts/membase-brute.nse
+++ b/scripts/membase-brute.nse
@@ -58,7 +58,7 @@ Driver = {
err:setRetry( true )
return false, err
end
- return true, brute.Account:new( arg_bucketname or username, password, creds.State.VALID)
+ return true, creds.Account:new( arg_bucketname or username, password, creds.State.VALID)
end,
disconnect = function(self)
diff --git a/scripts/metasploit-msgrpc-brute.nse b/scripts/metasploit-msgrpc-brute.nse
index b6693e293..85709268c 100644
--- a/scripts/metasploit-msgrpc-brute.nse
+++ b/scripts/metasploit-msgrpc-brute.nse
@@ -88,7 +88,7 @@ Driver = {
data = http.post(self.host,self.port, "/api/",options, nil , encode(user,pass))
if data and data.status and tostring( data.status ):match( "200" ) then
if string.find(data.body,"success") then
- return true, brute.Account:new( user, pass, creds.State.VALID)
+ return true, creds.Account:new( user, pass, creds.State.VALID)
else
return false, brute.Error:new( "Incorrect username or password" )
end
diff --git a/scripts/metasploit-xmlrpc-brute.nse b/scripts/metasploit-xmlrpc-brute.nse
index 45fe9bff2..84622f66e 100644
--- a/scripts/metasploit-xmlrpc-brute.nse
+++ b/scripts/metasploit-xmlrpc-brute.nse
@@ -70,7 +70,7 @@ Driver =
elseif (string.match(response,"resultsuccess")) then
stdnse.debug1("Good login: %s/%s", username, password)
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
stdnse.debug1("WARNING: Unhandled response: %s", response)
return false, brute.Error:new( "unhandled response" )
diff --git a/scripts/mmouse-brute.nse b/scripts/mmouse-brute.nse
index 35d356599..aaadd11bd 100644
--- a/scripts/mmouse-brute.nse
+++ b/scripts/mmouse-brute.nse
@@ -71,7 +71,7 @@ Driver = {
if (data:match("^CONNECTED\30([^\30]*)") == "NO" ) then
return false, brute.Error:new( "Incorrect password" )
elseif ( data:match("^CONNECTED\30([^\30]*)") == "YES" ) then
- return true, brute.Account:new("", password, creds.State.VALID)
+ return true, creds.Account:new("", password, creds.State.VALID)
end
local err = brute.Error:new("An unexpected error occurred, retrying ...")
diff --git a/scripts/mongodb-brute.nse b/scripts/mongodb-brute.nse
index 2f5438270..e5419c9dc 100644
--- a/scripts/mongodb-brute.nse
+++ b/scripts/mongodb-brute.nse
@@ -49,7 +49,7 @@ Driver = {
login = function(self, username, password)
local status, resp = mongodb.login(self.sock, arg_db, username, password)
if ( status ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
elseif ( resp ~= "Authentication failed" ) then
local err = brute.Error:new( resp )
err:setRetry( true )
diff --git a/scripts/mysql-brute.nse b/scripts/mysql-brute.nse
index b224ddd74..2348f6cff 100644
--- a/scripts/mysql-brute.nse
+++ b/scripts/mysql-brute.nse
@@ -73,7 +73,7 @@ Driver = {
nmap.registry.mysqlusers = {}
end
nmap.registry.mysqlusers[user]=pass
- return true, brute.Account:new( user, pass, creds.State.VALID)
+ return true, creds.Account:new( user, pass, creds.State.VALID)
end
return false,brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/mysql-enum.nse b/scripts/mysql-enum.nse
index c2212c1b5..13a93870f 100644
--- a/scripts/mysql-enum.nse
+++ b/scripts/mysql-enum.nse
@@ -87,7 +87,7 @@ Driver = {
end
if string.find(response,"Access denied for user") == nil then
-- found it
- return true, brute.Account:new( pass, nil, creds.State.VALID)
+ return true, creds.Account:new( pass, nil, creds.State.VALID)
else
return false,brute.Error:new( "Incorrect username" )
end
diff --git a/scripts/nessus-brute.nse b/scripts/nessus-brute.nse
index c7b911602..6686e6b74 100644
--- a/scripts/nessus-brute.nse
+++ b/scripts/nessus-brute.nse
@@ -128,7 +128,7 @@ Driver =
end
if ( line:match("SERVER <|> PREFERENCES_ERRORS <|>") ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
diff --git a/scripts/nessus-xmlrpc-brute.nse b/scripts/nessus-xmlrpc-brute.nse
index 8beedfbb5..9ac5a23f4 100644
--- a/scripts/nessus-xmlrpc-brute.nse
+++ b/scripts/nessus-xmlrpc-brute.nse
@@ -83,7 +83,7 @@ Driver =
local status, response = authenticate(self.host, self.port, username, password)
if ( status and response ) then
if ( response:match("^HTTP/1.1 200 OK.*OK") ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
elseif ( response:match("^HTTP/1.1 200 OK.*ERROR") ) then
return false, brute.Error:new("incorrect login")
end
diff --git a/scripts/nexpose-brute.nse b/scripts/nexpose-brute.nse
index 19ea5e13f..218110138 100644
--- a/scripts/nexpose-brute.nse
+++ b/scripts/nexpose-brute.nse
@@ -63,7 +63,7 @@ Driver =
return false, brute.Error:new( "Bad login" )
elseif (response.body:match('")) then
stdnse.debug1("Good login: %s/%s", username, password)
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
stdnse.debug1("WARNING: Unhandled response: %s", line)
diff --git a/scripts/oracle-brute-stealth.nse b/scripts/oracle-brute-stealth.nse
index 98c8bab57..85cb20434 100644
--- a/scripts/oracle-brute-stealth.nse
+++ b/scripts/oracle-brute-stealth.nse
@@ -117,7 +117,7 @@ Driver =
-- @param password string containing the login password
-- @return status, true on success, false on failure
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function( self, username, password )
local status, data = self.helper:StealthLogin( username, password )
@@ -126,7 +126,7 @@ Driver =
if ( johnfile ) then
johnfile:write(("%s:%s\n"):format(username,hash))
end
- return true, brute.Account:new(username, hash, creds.State.HASHED)
+ return true, creds.Account:new(username, hash, creds.State.HASHED)
else
return false, brute.Error:new( data )
end
diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
index 3ff78bc31..33035bbee 100644
--- a/scripts/oracle-brute.nse
+++ b/scripts/oracle-brute.nse
@@ -133,7 +133,7 @@ Driver =
-- @param password string containing the login password
-- @return status, true on success, false on failure
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function( self, username, password )
local status, data = self.helper:Login( username, password )
@@ -144,14 +144,14 @@ Driver =
if ( status ) then
self.helper:Close()
ConnectionPool[coroutine.running()] = nil
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
-- Check for account locked message
elseif ( data:match("ORA[-]28000") ) then
- return true, brute.Account:new(username, password, creds.State.LOCKED)
+ return true, creds.Account:new(username, password, creds.State.LOCKED)
-- Check for account is SYSDBA message
elseif ( data:match("ORA[-]28009") ) then
sysdba[username] = true
- return true, brute.Account:new(username .. " as sysdba", password, creds.State.VALID)
+ return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
-- check for any other message
elseif ( data:match("ORA[-]%d+")) then
stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
diff --git a/scripts/pcanywhere-brute.nse b/scripts/pcanywhere-brute.nse
index 94432d221..eb4788cf6 100644
--- a/scripts/pcanywhere-brute.nse
+++ b/scripts/pcanywhere-brute.nse
@@ -137,7 +137,7 @@ Driver = {
if status then
retry = true -- now the server is in "locked mode", we need to retry next connection a few times
- return true, brute.Account:new( user, pass, creds.State.VALID)
+ return true, creds.Account:new( user, pass, creds.State.VALID)
end
return false,brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/pop3-brute.nse b/scripts/pop3-brute.nse
index b27b659a8..e077827c0 100644
--- a/scripts/pop3-brute.nse
+++ b/scripts/pop3-brute.nse
@@ -1,5 +1,6 @@
local brute = require "brute"
local comm = require "comm"
+local creds = require "creds"
local nmap = require "nmap"
local pop3 = require "pop3"
local shortport = require "shortport"
@@ -73,13 +74,13 @@ Driver = {
-- @param password string containing the login password
-- @return status, true on success, false on failure
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function(self, username, password)
local pstatus
local perror
pstatus, perror = self.login_function(self.socket, username, password, self.additional)
if pstatus then
- return true, brute.Account:new(username, password, "OPEN")
+ return true, creds.Account:new(username, password, creds.State.VALID)
elseif (perror == pop3.err.pwError) then
return false, brute.Error:new("Wrong password.")
elseif (perror == pop3.err.userError) then
diff --git a/scripts/redis-brute.nse b/scripts/redis-brute.nse
index a0ea0f3ea..0a5ee75c3 100644
--- a/scripts/redis-brute.nse
+++ b/scripts/redis-brute.nse
@@ -54,7 +54,7 @@ Driver = {
return false, brute.Error:new( "Incorrect password" )
elseif ( status and response.type == redis.Response.Type.STATUS and
"+OK" ) then
- return true, brute.Account:new( "", password, creds.State.VALID)
+ return true, creds.Account:new( "", password, creds.State.VALID)
else
local err = brute.Error:new( response.data )
err:setRetry( true )
diff --git a/scripts/rexec-brute.nse b/scripts/rexec-brute.nse
index b1678dff9..18fac6562 100644
--- a/scripts/rexec-brute.nse
+++ b/scripts/rexec-brute.nse
@@ -73,7 +73,7 @@ Driver = {
local response
status, response = self.socket:receive()
if ( status ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/rlogin-brute.nse b/scripts/rlogin-brute.nse
index ab53172c0..bcf467a4d 100644
--- a/scripts/rlogin-brute.nse
+++ b/scripts/rlogin-brute.nse
@@ -130,7 +130,7 @@ Driver = {
return false, brute.Error:new( "Incorrect password" )
end
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end,
disconnect = function(self)
diff --git a/scripts/rpcap-brute.nse b/scripts/rpcap-brute.nse
index 51ec51b06..6669ec7d8 100644
--- a/scripts/rpcap-brute.nse
+++ b/scripts/rpcap-brute.nse
@@ -46,7 +46,7 @@ Driver = {
login = function(self, username, password)
local status, resp = self.helper:login(username, password)
if ( status ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
end,
diff --git a/scripts/rsync-brute.nse b/scripts/rsync-brute.nse
index 11a02f551..9e2ce00a6 100644
--- a/scripts/rsync-brute.nse
+++ b/scripts/rsync-brute.nse
@@ -58,7 +58,7 @@ Driver = {
elseif ( not(status) ) then
return false, brute.Error:new( "Login failed" )
else
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
end,
diff --git a/scripts/sip-brute.nse b/scripts/sip-brute.nse
index cee4630d2..1c374f6a4 100644
--- a/scripts/sip-brute.nse
+++ b/scripts/sip-brute.nse
@@ -65,7 +65,7 @@ Driver = {
end
return false, brute.Error:new( "Incorrect password" )
end
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end,
disconnect = function(self) return self.helper:close() end,
diff --git a/scripts/sip-enum-users.nse b/scripts/sip-enum-users.nse
index 516ff5abe..a5db30155 100644
--- a/scripts/sip-enum-users.nse
+++ b/scripts/sip-enum-users.nse
@@ -7,6 +7,7 @@ local stdnse = require "stdnse"
local table = require "table"
local math = require "math"
local brute = require "brute"
+local creds = require "creds"
local unpwdb = require "unpwdb"
description = [[
@@ -192,17 +193,17 @@ Driver = {
-- requires authentication
if responsecode == sip.Error.UNAUTHORIZED or
responsecode == sip.Error.PROXY_AUTH_REQUIRED then
- return true, brute.Account:new(password, " Auth required", '')
+ return true, creds.Account:new(password, " Auth required", '')
-- If response status code is 200, then extension exists
-- and requires no authentication
elseif responsecode == sip.Error.OK then
- return true, brute.Account:new(password, " No auth", '')
+ return true, creds.Account:new(password, " No auth", '')
-- If response status code is 200, then extension exists
-- but access is forbidden.
elseif responsecode == sip.Error.FORBIDDEN then
- return true, brute.Account:new(password, " Forbidden", '')
+ return true, creds.Account:new(password, " Forbidden", '')
end
return false,brute.Error:new( "Not found" )
else
diff --git a/scripts/smtp-brute.nse b/scripts/smtp-brute.nse
index c82495140..f30364bf3 100644
--- a/scripts/smtp-brute.nse
+++ b/scripts/smtp-brute.nse
@@ -73,13 +73,13 @@ Driver =
-- @param username string containing the username
-- @param password string containing the password
-- @return status true on success, false on failure
- -- @return brute.Error on failure and brute.Account on success
+ -- @return brute.Error on failure and creds.Account on success
login = function( self, username, password )
local status, err = smtp.login( self.socket, username, password, mech )
if ( status ) then
smtp.quit(self.socket)
ConnectionPool[coroutine.running()] = nil
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
if ( err:match("^ERROR: Failed to .*") ) then
self.socket:close()
diff --git a/scripts/socks-brute.nse b/scripts/socks-brute.nse
index 1927cb39b..eccb2f30d 100644
--- a/scripts/socks-brute.nse
+++ b/scripts/socks-brute.nse
@@ -57,7 +57,7 @@ Driver = {
return false, err
end
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end,
disconnect = function( self )
diff --git a/scripts/svn-brute.nse b/scripts/svn-brute.nse
index bef622054..1436ee58c 100644
--- a/scripts/svn-brute.nse
+++ b/scripts/svn-brute.nse
@@ -199,7 +199,7 @@ Driver =
-- @param password string containing the login password
-- @return status, true on success, false on failure
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function( self, username, password )
local status, msg
@@ -213,7 +213,7 @@ Driver =
self.invalid_users[username] = true
return false, brute.Error:new("Username not found")
elseif ( status and msg:match("success") ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
else
return false, brute.Error:new( "Incorrect password" )
end
diff --git a/scripts/telnet-brute.nse b/scripts/telnet-brute.nse
index b2832ced0..9b0e0196a 100644
--- a/scripts/telnet-brute.nse
+++ b/scripts/telnet-brute.nse
@@ -1,5 +1,6 @@
local comm = require "comm"
local coroutine = require "coroutine"
+local creds = require "creds"
local nmap = require "nmap"
local re = require "re"
local U = require "lpeg-utility"
@@ -525,7 +526,7 @@ end
--
-- @param self Driver object
-- @return Status (true or false)
--- @return instance of brute.Account if the operation was successful;
+-- @return instance of creds.Account if the operation was successful;
-- instance of brute.Error otherwise
Driver.methods.login = function (self, username, password)
assert(self.conn, "Attempt to use disconnected driver")
@@ -567,13 +568,13 @@ Driver.methods.login = function (self, username, password)
local login_success = function ()
local msg = "Login succeeded"
debug(detail_debug, msg .. loc)
- return true, brute.Account:new(username, password, "OPEN")
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
local login_no_password = function ()
local msg = "Login succeeded without password"
debug(detail_debug, msg .. loc)
- return true, brute.Account:new(username, "", "OPEN")
+ return true, creds.Account:new(username, "", creds.State.VALID)
end
debug(detail_debug, "Login attempt %s:%s%s", username, password, loc)
diff --git a/scripts/vmauthd-brute.nse b/scripts/vmauthd-brute.nse
index 19ab4868f..0f9dc762e 100644
--- a/scripts/vmauthd-brute.nse
+++ b/scripts/vmauthd-brute.nse
@@ -73,7 +73,7 @@ Driver = {
status, response = self.socket:receive_buf("\r\n", false)
if ( response:match("^230") ) then
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Login incorrect" )
diff --git a/scripts/vnc-brute.nse b/scripts/vnc-brute.nse
index 76bc4a168..cc9a20e11 100644
--- a/scripts/vnc-brute.nse
+++ b/scripts/vnc-brute.nse
@@ -68,7 +68,7 @@ Driver =
-- @param password string containing the login password
-- @return status, true on success, false on failure
-- @return brute.Error object on failure
- -- brute.Account object on success
+ -- creds.Account object on success
login = function( self, username, password )
local status, data = self.vnc:handshake()
@@ -87,7 +87,7 @@ Driver =
status, data = self.vnc:login( nil, password )
if ( status ) then
- return true, brute.Account:new("", password, creds.State.VALID)
+ return true, creds.Account:new("", password, creds.State.VALID)
elseif ( not( data:match("Authentication failed") ) ) then
local err = brute.Error:new( data )
-- This might be temporary, set the retry flag
diff --git a/scripts/xmpp-brute.nse b/scripts/xmpp-brute.nse
index e3d9647c9..b1c330f44 100644
--- a/scripts/xmpp-brute.nse
+++ b/scripts/xmpp-brute.nse
@@ -75,13 +75,13 @@ Driver =
-- @param username string containing the username
-- @param password string containing the password
-- @return status true on success, false on failure
- -- @return brute.Error on failure and brute.Account on success
+ -- @return brute.Error on failure and creds.Account on success
login = function( self, username, password )
local status, err = self.helper:login( username, password, mech )
if ( status ) then
self.helper:close()
self.helper:connect()
- return true, brute.Account:new(username, password, creds.State.VALID)
+ return true, creds.Account:new(username, password, creds.State.VALID)
end
if ( err:match("^ERROR: Failed to .* data$") ) then
self.helper:close()