PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Move brute.Account to creds.Account

Browse Source 
In addition to fitting better (brute library is the verb, creds library
is the noun), this will allow creds.lua to use creds.Account internally
where necessary (see subsequent commits)

Also change old references to string argument "OPEN" into
creds.State.VALID.
This commit is contained in:
dmiller
2014-09-23 05:23:13 +00:00
parent 379759d539
commit f37ac44380
52 changed files with 103 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
nselib/brute.lua
View File

@@ -7,9 +7,6 @@
-- the brute.threads argument, it defaults to 10. -- the brute.threads argument, it defaults to 10.
-- --
-- The library contains the following classes: -- The library contains the following classes:
-- * <code>Account</code>
-- ** Implements a simple account class, that converts account "states" to common text representation.
-- ** The state can be either of the following: OPEN, LOCKED or DISABLED
-- * <code>Engine</code> -- * <code>Engine</code>
-- ** The actual engine doing the brute-forcing . -- ** The actual engine doing the brute-forcing .
-- * <code>Error</code> -- * <code>Error</code>
@@ -31,7 +28,7 @@
-- --
-- The <code>login</code> method does not need a lot of explanation. The login -- The <code>login</code> method does not need a lot of explanation. The login
-- function should return two parameters. If the login was successful it should -- function should return two parameters. If the login was successful it should
-- return true and an <code>Account</code>. If the login was a failure it -- return true and a <code>creds.Account</code>. If the login was a failure it
-- should return false and an <code>Error</code>. The driver can signal the -- should return false and an <code>Error</code>. The driver can signal the
-- Engine to retry a set of credentials by calling the Error objects -- Engine to retry a set of credentials by calling the Error objects
-- <code>setRetry</code> method. It may also signal the Engine to abort all -- <code>setRetry</code> method. It may also signal the Engine to abort all
@@ -106,7 +103,7 @@
-- status, data = self.socket:receive_bytes(1) -- status, data = self.socket:receive_bytes(1)
-- --
-- if ( data:match("SUCCESS") ) then -- if ( data:match("SUCCESS") ) then
-- return true, brute.Account:new(username, password, "OPEN") -- return true, creds.Account:new(username, password, creds.State.VALID)
-- end -- end
-- return false, brute.Error:new( "login failed" ) -- return false, brute.Error:new( "login failed" )
-- end, -- end,
@@ -288,41 +285,6 @@ Options = {
} }
-- The account object which is to be reported back from each driver -- The account object which is to be reported back from each driver
Account =
{
--- Creates a new instance of the Account class
--
-- @param username containing the user's name
-- @param password containing the user's password
-- @param state containing the account state and should be one of the
-- following <code>OPEN</code>, <code>LOCKED</code>,
-- <code>DISABLED</code>.
new = function(self, username, password, state)
local o = { username = username, password = password, state = state }
setmetatable(o, self)
self.__index = self
return o
end,
--- Converts an account object to a printable script
--
-- @return string representation of object
toString = function( self )
local c
if ( #self.username > 0 ) then
c = ("%s:%s"):format( self.username, #self.password > 0 and self.password or "<empty>" )
else
c = ("%s"):format( ( self.password and #self.password > 0 ) and self.password or "<empty>" )
end
if ( creds.StateMsg[self.state] ) then
return ( "%s - %s"):format(c, creds.StateMsg[self.state] )
else
return ("%s"):format(c)
end
end,
}
-- The Error class, is currently only used to flag for retries -- The Error class, is currently only used to flag for retries
-- It also contains the error message, if one was returned from the driver. -- It also contains the error message, if one was returned from the driver.
Error = Error =

29
nselib/creds.lua
View File

@@ -235,6 +235,35 @@ RegStorage = {
} }
Account = {
--- Creates a new instance of the Account class
--
-- @param username containing the user's name
-- @param password containing the user's password
-- @param state A <code>creds.State</code> account state
-- @return A new <code>creds.Account</code> object
-- @name Account.new
new = function(self, username, password, state)
local o = { username = username, password = password, state = state }
setmetatable(o, self)
self.__index = self
return o
end,
--- Converts an account object to a printable script
--
-- @return string representation of object
-- @name Account.__tostring
__tostring = function( self )
return (
(self.user and self.user .. ":" or "") ..
(self.pass ~= "" and self.pass or "<empty>") ..
(self.state and " - " .. self.state or "")
)
end,
}
-- The credentials class -- The credentials class
Credentials = { Credentials = {

2
scripts/ajp-brute.nse
View File

@@ -69,7 +69,7 @@ Driver = {
err:setRetry( true ) err:setRetry( true )
return false, err return false, err
elseif( response.status ~= 401 ) then elseif( response.status ~= 401 ) then
return true, brute.Account:new(user, pass, creds.State.VALID) return true, creds.Account:new(user, pass, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end, end,

4
scripts/backorifice-brute.nse
View File

@@ -261,7 +261,7 @@ local Driver =
-- @param username string containing username which is disregarded -- @param username string containing username which is disregarded
-- @param password string containing login password -- @param password string containing login password
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function( self, username, password ) login = function( self, username, password )
local status, msg = self.bo:try_password(password,nil) local status, msg = self.bo:try_password(password,nil)
if status then if status then
@@ -272,7 +272,7 @@ local Driver =
nmap.registry.credentials['backorifice'] = {} nmap.registry.credentials['backorifice'] = {}
end end
table.insert( nmap.registry.credentials.backorifice, { password = password } ) table.insert( nmap.registry.credentials.backorifice, { password = password } )
return true, brute.Account:new("", password, creds.State.VALID) return true, creds.Account:new("", password, creds.State.VALID)
else else
-- The only indication that the password is incorrect is a timeout -- The only indication that the password is incorrect is a timeout
local err = brute.Error:new( "Incorrect password" ) local err = brute.Error:new( "Incorrect password" )

2
scripts/cassandra-brute.nse
View File

@@ -80,7 +80,7 @@ Driver = {
if (magic == cassandra.LOGINSUCC) then if (magic == cassandra.LOGINSUCC) then
stdnse.debug3("Account SUCCESS: "..combo) stdnse.debug3("Account SUCCESS: "..combo)
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
elseif (magic == cassandra.LOGINFAIL) then elseif (magic == cassandra.LOGINFAIL) then
stdnse.debug3("Account FAIL: "..combo) stdnse.debug3("Account FAIL: "..combo)
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

3
scripts/cvs-brute-repository.nse
View File

@@ -1,5 +1,6 @@
local brute = require "brute" local brute = require "brute"
local coroutine = require "coroutine" local coroutine = require "coroutine"
local creds = require "creds"
local cvs = require "cvs" local cvs = require "cvs"
local io = require "io" local io = require "io"
local nmap = require "nmap" local nmap = require "nmap"
@@ -68,7 +69,7 @@ Driver =
-- script can use them later. -- script can use them later.
self.host.registry.cvs_repos = self.host.registry.cvs_repos or {} self.host.registry.cvs_repos = self.host.registry.cvs_repos or {}
table.insert(self.host.registry.cvs_repos, password) table.insert(self.host.registry.cvs_repos, password)
return true, brute.Account:new(username, password, 0) return true, creds.Account:new(username, password, 0)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end, end,

2
scripts/cvs-brute.nse
View File

@@ -58,7 +58,7 @@ Driver =
login = function( self, username, password ) login = function( self, username, password )
local status, err = self.helper:login( self.repo, username, password ) local status, err = self.helper:login( self.repo, username, password )
if ( status ) then if ( status ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
-- This error seems to indicate that the user does not exist -- This error seems to indicate that the user does not exist

4
scripts/domcon-brute.nse
View File

@@ -120,7 +120,7 @@ Driver =
-- @param password string containing the login password -- @param password string containing the login password
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function( self, username, password ) login = function( self, username, password )
local data = ("#UI %s,%s\n"):format(username,password) local data = ("#UI %s,%s\n"):format(username,password)
local status local status
@@ -141,7 +141,7 @@ Driver =
if ( status and data:match("NOT_REG_ADMIN") ) then if ( status and data:match("NOT_REG_ADMIN") ) then
not_admins[username] = true not_admins[username] = true
elseif( status and data:match("VALID_USER") ) then elseif( status and data:match("VALID_USER") ) then
return true, brute.Account:new( username, password, creds.State.VALID) return true, creds.Account:new( username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

2
scripts/dpap-brute.nse
View File

@@ -76,7 +76,7 @@ Driver = {
end end
if ( data:match("^HTTP/1.1 200 OK") ) then if ( data:match("^HTTP/1.1 200 OK") ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

2
scripts/ftp-brute.nse
View File

@@ -85,7 +85,7 @@ Driver = {
stdnse.debug1("Received: %s", line) stdnse.debug1("Received: %s", line)
if(string.match(line, "^230")) then if(string.match(line, "^230")) then
stdnse.debug1("Successful login: %s/%s", user, pass) stdnse.debug1("Successful login: %s/%s", user, pass)
return true, brute.Account:new( user, pass, creds.State.VALID) return true, creds.Account:new( user, pass, creds.State.VALID)
elseif(string.match(line, "^530")) then elseif(string.match(line, "^530")) then
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
elseif(string.match(line, "^220")) then elseif(string.match(line, "^220")) then

2
scripts/http-brute.nse
View File

@@ -97,7 +97,7 @@ Driver = {
nmap.registry.credentials['http'] = {} nmap.registry.credentials['http'] = {}
end end
table.insert( nmap.registry.credentials.http, { username = username, password = password } ) table.insert( nmap.registry.credentials.http, { username = username, password = password } )
return true, brute.Account:new( username, password, creds.State.VALID) return true, creds.Account:new( username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end, end,

2
scripts/http-form-brute.nse
View File

@@ -138,7 +138,7 @@ Driver = {
nmap.registry['credentials'] = nmap.registry['credentials'] or {} nmap.registry['credentials'] = nmap.registry['credentials'] or {}
nmap.registry.credentials['http'] = nmap.registry.credentials['http'] or {} nmap.registry.credentials['http'] = nmap.registry.credentials['http'] or {}
table.insert( nmap.registry.credentials.http, { username = username, password = password } ) table.insert( nmap.registry.credentials.http, { username = username, password = password } )
return true, brute.Account:new( username, password, creds.State.VALID) return true, creds.Account:new( username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

4
scripts/http-joomla-brute.nse
View File

@@ -95,9 +95,7 @@ Driver = {
if response.body and not( response.body:match('name=[\'"]*'..self.options.passvar ) ) then if response.body and not( response.body:match('name=[\'"]*'..self.options.passvar ) ) then
stdnse.debug2("Response:\n%s", response.body) stdnse.debug2("Response:\n%s", response.body)
local c = creds.Credentials:new(SCRIPT_NAME, self.host, self.port ) return true, creds.Account:new( username, password, creds.State.VALID)
c:add(username, password, creds.State.VALID )
return true, brute.Account:new( username, password, "OPEN")
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end, end,

2
scripts/http-proxy-brute.nse
View File

@@ -63,7 +63,7 @@ Driver = {
-- if we didn't get a 407 error, assume the credentials -- if we didn't get a 407 error, assume the credentials
-- were correct. we should probably do some more checks here -- were correct. we should probably do some more checks here
if ( response.status ~= 407 ) then if ( response.status ~= 407 ) then
return true, brute.Account:new( username, password, creds.State.VALID) return true, creds.Account:new( username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

2
scripts/http-wordpress-brute.nse
View File

@@ -93,7 +93,7 @@ Driver = {
if response.status == 302 then if response.status == 302 then
local c = creds.Credentials:new( SCRIPT_NAME, self.host, self.port ) local c = creds.Credentials:new( SCRIPT_NAME, self.host, self.port )
c:add(username, password, creds.State.VALID ) c:add(username, password, creds.State.VALID )
return true, brute.Account:new( username, password, "OPEN") return true, creds.Account:new( username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

2
scripts/iax2-brute.nse
View File

@@ -52,7 +52,7 @@ Driver = {
login = function(self, username, password) login = function(self, username, password)
local status, resp = self.helper:regRelease(username, password) local status, resp = self.helper:regRelease(username, password)
if ( status ) then if ( status ) then
return true, brute.Account:new( username, password, creds.State.VALID ) return true, creds.Account:new( username, password, creds.State.VALID )
elseif ( resp == "Release failed" ) then elseif ( resp == "Release failed" ) then
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
else else

4
scripts/imap-brute.nse
View File

@@ -72,13 +72,13 @@ Driver =
-- @param username string containing the username -- @param username string containing the username
-- @param password string containing the password -- @param password string containing the password
-- @return status true on success, false on failure -- @return status true on success, false on failure
-- @return brute.Error on failure and brute.Account on success -- @return brute.Error on failure and creds.Account on success
login = function( self, username, password ) login = function( self, username, password )
local status, err = self.helper:login( username, password, mech ) local status, err = self.helper:login( username, password, mech )
if ( status ) then if ( status ) then
self.helper:close() self.helper:close()
self.helper:connect() self.helper:connect()
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
if ( err:match("^ERROR: Failed to .* data$") ) then if ( err:match("^ERROR: Failed to .* data$") ) then
self.helper:close() self.helper:close()

6
scripts/informix-brute.nse
View File

@@ -73,7 +73,7 @@ Driver =
-- @param password string containing the login password -- @param password string containing the login password
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function( self, username, password ) login = function( self, username, password )
local status, data = self.helper:Login( username, password, {} ) local status, data = self.helper:Login( username, password, {} )
@@ -82,10 +82,10 @@ Driver =
nmap.registry['informix-brute'] = {} nmap.registry['informix-brute'] = {}
end end
table.insert( nmap.registry['informix-brute'], { ["username"] = username, ["password"] = password } ) table.insert( nmap.registry['informix-brute'], { ["username"] = username, ["password"] = password } )
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
-- Check for account locked message -- Check for account locked message
elseif ( data:match("INFORMIXSERVER does not match either DBSERVERNAME or DBSERVERALIASES") ) then elseif ( data:match("INFORMIXSERVER does not match either DBSERVERNAME or DBSERVERALIASES") ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new( data ) return false, brute.Error:new( data )

2
scripts/irc-brute.nse
View File

@@ -80,7 +80,7 @@ Driver = {
until(not(status)) until(not(status))
if (success) then if (success) then
return true, brute.Account:new("", password, creds.State.VALID) return true, creds.Account:new("", password, creds.State.VALID)
end end
return false, brute.Error:new("Incorrect password") return false, brute.Error:new("Incorrect password")
end, end,

2
scripts/irc-sasl-brute.nse
View File

@@ -123,7 +123,7 @@ Driver = {
until (not status) until (not status)
if (success) then if (success) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new("Incorrect username or password") return false, brute.Error:new("Incorrect username or password")
end, end,

2
scripts/iscsi-brute.nse
View File

@@ -50,7 +50,7 @@ Driver = {
local status = self.helper:login( self.target, username, password, "CHAP") local status = self.helper:login( self.target, username, password, "CHAP")
if ( status ) then if ( status ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

2
scripts/membase-brute.nse
View File

@@ -58,7 +58,7 @@ Driver = {
err:setRetry( true ) err:setRetry( true )
return false, err return false, err
end end
return true, brute.Account:new( arg_bucketname or username, password, creds.State.VALID) return true, creds.Account:new( arg_bucketname or username, password, creds.State.VALID)
end, end,
disconnect = function(self) disconnect = function(self)

2
scripts/metasploit-msgrpc-brute.nse
View File

@@ -88,7 +88,7 @@ Driver = {
data = http.post(self.host,self.port, "/api/",options, nil , encode(user,pass)) data = http.post(self.host,self.port, "/api/",options, nil , encode(user,pass))
if data and data.status and tostring( data.status ):match( "200" ) then if data and data.status and tostring( data.status ):match( "200" ) then
if string.find(data.body,"success") then if string.find(data.body,"success") then
return true, brute.Account:new( user, pass, creds.State.VALID) return true, creds.Account:new( user, pass, creds.State.VALID)
else else
return false, brute.Error:new( "Incorrect username or password" ) return false, brute.Error:new( "Incorrect username or password" )
end end

2
scripts/metasploit-xmlrpc-brute.nse
View File

@@ -70,7 +70,7 @@ Driver =
elseif (string.match(response,"<name>result</name><value><string>success</string></value>")) then elseif (string.match(response,"<name>result</name><value><string>success</string></value>")) then
stdnse.debug1("Good login: %s/%s", username, password) stdnse.debug1("Good login: %s/%s", username, password)
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
stdnse.debug1("WARNING: Unhandled response: %s", response) stdnse.debug1("WARNING: Unhandled response: %s", response)
return false, brute.Error:new( "unhandled response" ) return false, brute.Error:new( "unhandled response" )

2
scripts/mmouse-brute.nse
View File

@@ -71,7 +71,7 @@ Driver = {
if (data:match("^CONNECTED\30([^\30]*)") == "NO" ) then if (data:match("^CONNECTED\30([^\30]*)") == "NO" ) then
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
elseif ( data:match("^CONNECTED\30([^\30]*)") == "YES" ) then elseif ( data:match("^CONNECTED\30([^\30]*)") == "YES" ) then
return true, brute.Account:new("", password, creds.State.VALID) return true, creds.Account:new("", password, creds.State.VALID)
end end
local err = brute.Error:new("An unexpected error occurred, retrying ...") local err = brute.Error:new("An unexpected error occurred, retrying ...")

2
scripts/mongodb-brute.nse
View File

@@ -49,7 +49,7 @@ Driver = {
login = function(self, username, password) login = function(self, username, password)
local status, resp = mongodb.login(self.sock, arg_db, username, password) local status, resp = mongodb.login(self.sock, arg_db, username, password)
if ( status ) then if ( status ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
elseif ( resp ~= "Authentication failed" ) then elseif ( resp ~= "Authentication failed" ) then
local err = brute.Error:new( resp ) local err = brute.Error:new( resp )
err:setRetry( true ) err:setRetry( true )

2
scripts/mysql-brute.nse
View File

@@ -73,7 +73,7 @@ Driver = {
nmap.registry.mysqlusers = {} nmap.registry.mysqlusers = {}
end end
nmap.registry.mysqlusers[user]=pass nmap.registry.mysqlusers[user]=pass
return true, brute.Account:new( user, pass, creds.State.VALID) return true, creds.Account:new( user, pass, creds.State.VALID)
end end
return false,brute.Error:new( "Incorrect password" ) return false,brute.Error:new( "Incorrect password" )
end, end,

2
scripts/mysql-enum.nse
View File

@@ -87,7 +87,7 @@ Driver = {
end end
if string.find(response,"Access denied for user") == nil then if string.find(response,"Access denied for user") == nil then
-- found it -- found it
return true, brute.Account:new( pass, nil, creds.State.VALID) return true, creds.Account:new( pass, nil, creds.State.VALID)
else else
return false,brute.Error:new( "Incorrect username" ) return false,brute.Error:new( "Incorrect username" )
end end

2
scripts/nessus-brute.nse
View File

@@ -128,7 +128,7 @@ Driver =
end end
if ( line:match("SERVER <|> PREFERENCES_ERRORS <|>") ) then if ( line:match("SERVER <|> PREFERENCES_ERRORS <|>") ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

2
scripts/nessus-xmlrpc-brute.nse
View File

@@ -83,7 +83,7 @@ Driver =
local status, response = authenticate(self.host, self.port, username, password) local status, response = authenticate(self.host, self.port, username, password)
if ( status and response ) then if ( status and response ) then
if ( response:match("^HTTP/1.1 200 OK.*<status>OK</status>") ) then if ( response:match("^HTTP/1.1 200 OK.*<status>OK</status>") ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
elseif ( response:match("^HTTP/1.1 200 OK.*<status>ERROR</status>") ) then elseif ( response:match("^HTTP/1.1 200 OK.*<status>ERROR</status>") ) then
return false, brute.Error:new("incorrect login") return false, brute.Error:new("incorrect login")
end end

2
scripts/nexpose-brute.nse
View File

@@ -63,7 +63,7 @@ Driver =
return false, brute.Error:new( "Bad login" ) return false, brute.Error:new( "Bad login" )
elseif (response.body:match('<LoginResponse.*success="1"')) then elseif (response.body:match('<LoginResponse.*success="1"')) then
stdnse.debug1("Good login: %s/%s", username, password) stdnse.debug1("Good login: %s/%s", username, password)
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
stdnse.debug1("WARNING: Unhandled response: %s", response.body) stdnse.debug1("WARNING: Unhandled response: %s", response.body)
return false, brute.Error:new( "incorrect response from server" ) return false, brute.Error:new( "incorrect response from server" )

2
scripts/nping-brute.nse
View File

@@ -133,7 +133,7 @@ Driver =
login = function(self, _, password) login = function(self, _, password)
if self:testpass(password) then if self:testpass(password) then
return true, brute.Account:new("", password, creds.State.VALID) return true, creds.Account:new("", password, creds.State.VALID)
end end
return false, brute.Error:new("Incorrect password") return false, brute.Error:new("Incorrect password")
end, end,

2
scripts/omp2-brute.nse
View File

@@ -64,7 +64,7 @@ Driver = {
if self.session:authenticate(username, password) then if self.session:authenticate(username, password) then
-- store the account for possible future use -- store the account for possible future use
omp2.add_account(self.host, username, password) omp2.add_account(self.host, username, password)
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
else else
return false, brute.Error:new("login failed") return false, brute.Error:new("login failed")
end end

2
scripts/openvas-otp-brute.nse
View File

@@ -90,7 +90,7 @@ Driver =
elseif (string.match(line,"SERVER <|>")) then elseif (string.match(line,"SERVER <|>")) then
stdnse.debug1("Good login: %s/%s", username, password) stdnse.debug1("Good login: %s/%s", username, password)
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
stdnse.debug1("WARNING: Unhandled response: %s", line) stdnse.debug1("WARNING: Unhandled response: %s", line)

4
scripts/oracle-brute-stealth.nse
View File

@@ -117,7 +117,7 @@ Driver =
-- @param password string containing the login password -- @param password string containing the login password
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function( self, username, password ) login = function( self, username, password )
local status, data = self.helper:StealthLogin( username, password ) local status, data = self.helper:StealthLogin( username, password )
@@ -126,7 +126,7 @@ Driver =
if ( johnfile ) then if ( johnfile ) then
johnfile:write(("%s:%s\n"):format(username,hash)) johnfile:write(("%s:%s\n"):format(username,hash))
end end
return true, brute.Account:new(username, hash, creds.State.HASHED) return true, creds.Account:new(username, hash, creds.State.HASHED)
else else
return false, brute.Error:new( data ) return false, brute.Error:new( data )
end end

8
scripts/oracle-brute.nse
View File

@@ -133,7 +133,7 @@ Driver =
-- @param password string containing the login password -- @param password string containing the login password
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function( self, username, password ) login = function( self, username, password )
local status, data = self.helper:Login( username, password ) local status, data = self.helper:Login( username, password )
@@ -144,14 +144,14 @@ Driver =
if ( status ) then if ( status ) then
self.helper:Close() self.helper:Close()
ConnectionPool[coroutine.running()] = nil ConnectionPool[coroutine.running()] = nil
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
-- Check for account locked message -- Check for account locked message
elseif ( data:match("ORA[-]28000") ) then elseif ( data:match("ORA[-]28000") ) then
return true, brute.Account:new(username, password, creds.State.LOCKED) return true, creds.Account:new(username, password, creds.State.LOCKED)
-- Check for account is SYSDBA message -- Check for account is SYSDBA message
elseif ( data:match("ORA[-]28009") ) then elseif ( data:match("ORA[-]28009") ) then
sysdba[username] = true sysdba[username] = true
return true, brute.Account:new(username .. " as sysdba", password, creds.State.VALID) return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
-- check for any other message -- check for any other message
elseif ( data:match("ORA[-]%d+")) then elseif ( data:match("ORA[-]%d+")) then
stdnse.debug3("username: %s, password: %s, error: %s", username, password, data ) stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )

2
scripts/pcanywhere-brute.nse
View File

@@ -137,7 +137,7 @@ Driver = {
if status then if status then
retry = true -- now the server is in "locked mode", we need to retry next connection a few times retry = true -- now the server is in "locked mode", we need to retry next connection a few times
return true, brute.Account:new( user, pass, creds.State.VALID) return true, creds.Account:new( user, pass, creds.State.VALID)
end end
return false,brute.Error:new( "Incorrect password" ) return false,brute.Error:new( "Incorrect password" )
end, end,

5
scripts/pop3-brute.nse
View File

@@ -1,5 +1,6 @@
local brute = require "brute" local brute = require "brute"
local comm = require "comm" local comm = require "comm"
local creds = require "creds"
local nmap = require "nmap" local nmap = require "nmap"
local pop3 = require "pop3" local pop3 = require "pop3"
local shortport = require "shortport" local shortport = require "shortport"
@@ -73,13 +74,13 @@ Driver = {
-- @param password string containing the login password -- @param password string containing the login password
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function(self, username, password) login = function(self, username, password)
local pstatus local pstatus
local perror local perror
pstatus, perror = self.login_function(self.socket, username, password, self.additional) pstatus, perror = self.login_function(self.socket, username, password, self.additional)
if pstatus then if pstatus then
return true, brute.Account:new(username, password, "OPEN") return true, creds.Account:new(username, password, creds.State.VALID)
elseif (perror == pop3.err.pwError) then elseif (perror == pop3.err.pwError) then
return false, brute.Error:new("Wrong password.") return false, brute.Error:new("Wrong password.")
elseif (perror == pop3.err.userError) then elseif (perror == pop3.err.userError) then

2
scripts/redis-brute.nse
View File

@@ -54,7 +54,7 @@ Driver = {
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
elseif ( status and response.type == redis.Response.Type.STATUS and elseif ( status and response.type == redis.Response.Type.STATUS and
"+OK" ) then "+OK" ) then
return true, brute.Account:new( "", password, creds.State.VALID) return true, creds.Account:new( "", password, creds.State.VALID)
else else
local err = brute.Error:new( response.data ) local err = brute.Error:new( response.data )
err:setRetry( true ) err:setRetry( true )

2
scripts/rexec-brute.nse
View File

@@ -73,7 +73,7 @@ Driver = {
local response local response
status, response = self.socket:receive() status, response = self.socket:receive()
if ( status ) then if ( status ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end, end,

2
scripts/rlogin-brute.nse
View File

@@ -130,7 +130,7 @@ Driver = {
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end end
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end, end,
disconnect = function(self) disconnect = function(self)

2
scripts/rpcap-brute.nse
View File

@@ -46,7 +46,7 @@ Driver = {
login = function(self, username, password) login = function(self, username, password)
local status, resp = self.helper:login(username, password) local status, resp = self.helper:login(username, password)
if ( status ) then if ( status ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end, end,

2
scripts/rsync-brute.nse
View File

@@ -58,7 +58,7 @@ Driver = {
elseif ( not(status) ) then elseif ( not(status) ) then
return false, brute.Error:new( "Login failed" ) return false, brute.Error:new( "Login failed" )
else else
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
end, end,

2
scripts/sip-brute.nse
View File

@@ -65,7 +65,7 @@ Driver = {
end end
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end end
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end, end,
disconnect = function(self) return self.helper:close() end, disconnect = function(self) return self.helper:close() end,

7
scripts/sip-enum-users.nse
View File

@@ -7,6 +7,7 @@ local stdnse = require "stdnse"
local table = require "table" local table = require "table"
local math = require "math" local math = require "math"
local brute = require "brute" local brute = require "brute"
local creds = require "creds"
local unpwdb = require "unpwdb" local unpwdb = require "unpwdb"
description = [[ description = [[
@@ -192,17 +193,17 @@ Driver = {
-- requires authentication -- requires authentication
if responsecode == sip.Error.UNAUTHORIZED or if responsecode == sip.Error.UNAUTHORIZED or
responsecode == sip.Error.PROXY_AUTH_REQUIRED then responsecode == sip.Error.PROXY_AUTH_REQUIRED then
return true, brute.Account:new(password, " Auth required", '') return true, creds.Account:new(password, " Auth required", '')
-- If response status code is 200, then extension exists -- If response status code is 200, then extension exists
-- and requires no authentication -- and requires no authentication
elseif responsecode == sip.Error.OK then elseif responsecode == sip.Error.OK then
return true, brute.Account:new(password, " No auth", '') return true, creds.Account:new(password, " No auth", '')
-- If response status code is 200, then extension exists -- If response status code is 200, then extension exists
-- but access is forbidden. -- but access is forbidden.
elseif responsecode == sip.Error.FORBIDDEN then elseif responsecode == sip.Error.FORBIDDEN then
return true, brute.Account:new(password, " Forbidden", '') return true, creds.Account:new(password, " Forbidden", '')
end end
return false,brute.Error:new( "Not found" ) return false,brute.Error:new( "Not found" )
else else

4
scripts/smtp-brute.nse
View File

@@ -73,13 +73,13 @@ Driver =
-- @param username string containing the username -- @param username string containing the username
-- @param password string containing the password -- @param password string containing the password
-- @return status true on success, false on failure -- @return status true on success, false on failure
-- @return brute.Error on failure and brute.Account on success -- @return brute.Error on failure and creds.Account on success
login = function( self, username, password ) login = function( self, username, password )
local status, err = smtp.login( self.socket, username, password, mech ) local status, err = smtp.login( self.socket, username, password, mech )
if ( status ) then if ( status ) then
smtp.quit(self.socket) smtp.quit(self.socket)
ConnectionPool[coroutine.running()] = nil ConnectionPool[coroutine.running()] = nil
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
if ( err:match("^ERROR: Failed to .*") ) then if ( err:match("^ERROR: Failed to .*") ) then
self.socket:close() self.socket:close()

2
scripts/socks-brute.nse
View File

@@ -57,7 +57,7 @@ Driver = {
return false, err return false, err
end end
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end, end,
disconnect = function( self ) disconnect = function( self )

4
scripts/svn-brute.nse
View File

@@ -199,7 +199,7 @@ Driver =
-- @param password string containing the login password -- @param password string containing the login password
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function( self, username, password ) login = function( self, username, password )
local status, msg local status, msg
@@ -213,7 +213,7 @@ Driver =
self.invalid_users[username] = true self.invalid_users[username] = true
return false, brute.Error:new("Username not found") return false, brute.Error:new("Username not found")
elseif ( status and msg:match("success") ) then elseif ( status and msg:match("success") ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
else else
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )
end end

7
scripts/telnet-brute.nse
View File

@@ -1,5 +1,6 @@
local comm = require "comm" local comm = require "comm"
local coroutine = require "coroutine" local coroutine = require "coroutine"
local creds = require "creds"
local nmap = require "nmap" local nmap = require "nmap"
local re = require "re" local re = require "re"
local U = require "lpeg-utility" local U = require "lpeg-utility"
@@ -525,7 +526,7 @@ end
-- --
-- @param self Driver object -- @param self Driver object
-- @return Status (true or false) -- @return Status (true or false)
-- @return instance of brute.Account if the operation was successful; -- @return instance of creds.Account if the operation was successful;
-- instance of brute.Error otherwise -- instance of brute.Error otherwise
Driver.methods.login = function (self, username, password) Driver.methods.login = function (self, username, password)
assert(self.conn, "Attempt to use disconnected driver") assert(self.conn, "Attempt to use disconnected driver")
@@ -567,13 +568,13 @@ Driver.methods.login = function (self, username, password)
local login_success = function () local login_success = function ()
local msg = "Login succeeded" local msg = "Login succeeded"
debug(detail_debug, msg .. loc) debug(detail_debug, msg .. loc)
return true, brute.Account:new(username, password, "OPEN") return true, creds.Account:new(username, password, creds.State.VALID)
end end
local login_no_password = function () local login_no_password = function ()
local msg = "Login succeeded without password" local msg = "Login succeeded without password"
debug(detail_debug, msg .. loc) debug(detail_debug, msg .. loc)
return true, brute.Account:new(username, "<none>", "OPEN") return true, creds.Account:new(username, "", creds.State.VALID)
end end
debug(detail_debug, "Login attempt %s:%s%s", username, password, loc) debug(detail_debug, "Login attempt %s:%s%s", username, password, loc)

2
scripts/vmauthd-brute.nse
View File

@@ -73,7 +73,7 @@ Driver = {
status, response = self.socket:receive_buf("\r\n", false) status, response = self.socket:receive_buf("\r\n", false)
if ( response:match("^230") ) then if ( response:match("^230") ) then
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
return false, brute.Error:new( "Login incorrect" ) return false, brute.Error:new( "Login incorrect" )

4
scripts/vnc-brute.nse
View File

@@ -68,7 +68,7 @@ Driver =
-- @param password string containing the login password -- @param password string containing the login password
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return brute.Error object on failure -- @return brute.Error object on failure
-- brute.Account object on success -- creds.Account object on success
login = function( self, username, password ) login = function( self, username, password )
local status, data = self.vnc:handshake() local status, data = self.vnc:handshake()
@@ -87,7 +87,7 @@ Driver =
status, data = self.vnc:login( nil, password ) status, data = self.vnc:login( nil, password )
if ( status ) then if ( status ) then
return true, brute.Account:new("", password, creds.State.VALID) return true, creds.Account:new("", password, creds.State.VALID)
elseif ( not( data:match("Authentication failed") ) ) then elseif ( not( data:match("Authentication failed") ) ) then
local err = brute.Error:new( data ) local err = brute.Error:new( data )
-- This might be temporary, set the retry flag -- This might be temporary, set the retry flag

4
scripts/xmpp-brute.nse
View File

@@ -75,13 +75,13 @@ Driver =
-- @param username string containing the username -- @param username string containing the username
-- @param password string containing the password -- @param password string containing the password
-- @return status true on success, false on failure -- @return status true on success, false on failure
-- @return brute.Error on failure and brute.Account on success -- @return brute.Error on failure and creds.Account on success
login = function( self, username, password ) login = function( self, username, password )
local status, err = self.helper:login( username, password, mech ) local status, err = self.helper:login( username, password, mech )
if ( status ) then if ( status ) then
self.helper:close() self.helper:close()
self.helper:connect() self.helper:connect()
return true, brute.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
end end
if ( err:match("^ERROR: Failed to .* data$") ) then if ( err:match("^ERROR: Failed to .* data$") ) then
self.helper:close() self.helper:close()