
o [NSE] Added credential storage library (creds.lua) and modified the brute

library and scripts to make use of it. [Patrik]
patrik
2011-06-19 17:18:29 +00:00
parent 5561f89642
commit f4bf440b14
16 changed files with 298 additions and 102 deletions


@@ -262,7 +262,7 @@ local Driver =
nmap.registry.credentials['backorifice'] = {}
end
table.insert( nmap.registry.credentials.backorifice, { password = password } )
return true, brute.Account:new("", password, "OPEN")
return true, brute.Account:new("", password, creds.State.VALID)
else
-- The only indication that the password is incorrect is a timeout
local err = brute.Error:new( "Incorrect password" )
@@ -271,9 +271,6 @@ local Driver =
end
end,
check = function( self )
return true
end
}
action = function( host, port )
@@ -283,6 +280,7 @@ action = function( host, port )
engine.options.firstonly = true
engine.options.passonly = true
engine.options.script_name = SCRIPT_NAME
status, result = engine:start()
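Review bot: The manual `table.insert( nmap.registry.credentials.backorifice, { password = password } )` is kept next to the new `creds.State.VALID` account, so a found password appears to end up in two places if the brute engine also records accounts through the creds library once `engine.options.script_name` is set (the library code is not on this page). The same pattern remains in the sections that write `nmap.registry.credentials.http` and `nmap.registry['informix-brute']`. Keeping a single store limits how many copies of plaintext credentials sit in the registry and lets consumers see the account state. If the old key is still needed for compatibility, a comment such as `-- legacy store; readers should migrate to the creds library` above the insert would make that explicit. The enclosing login function starts outside the hunk.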


@@ -136,7 +136,7 @@ Driver =
if ( status and data:match("NOT_REG_ADMIN") ) then
not_admins[username] = true
elseif( status and data:match("VALID_USER") ) then
return true, brute.Account:new( username, password, "OPEN")
return true, brute.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
@@ -146,11 +146,7 @@ Driver =
disconnect = function( self )
self.sockpool:releaseSocket( self.socket )
end,
check = function( self )
return true
end,
}
@@ -159,6 +155,7 @@ action = function(host, port)
local pool = SocketPool:new(10)
local engine = brute.Engine:new(Driver, host, port, pool )
engine.options.script_name = SCRIPT_NAME
status, result = engine:start()
pool:shutdown()


@@ -55,8 +55,8 @@ Driver = {
"Client-DPAP-Version: 1.1\r\n" ..
"\r\n\r\n"
local creds = base64.enc("nmap:" .. password)
data = data:format( self.host.ip, self.port.number, self.host.ip, creds )
local c = base64.enc("nmap:" .. password)
data = data:format( self.host.ip, self.port.number, self.host.ip, c )
local status = self.socket:send( data )
if ( not(status) ) then
@@ -73,7 +73,7 @@ Driver = {
end
if ( data:match("^HTTP/1.1 200 OK") ) then
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
@@ -111,7 +111,8 @@ action = function(host, port)
engine.options.firstonly = true
engine.options:setOption( "passonly", true )
engine.options.script_name = SCRIPT_NAME
status, result = engine:start()
return result
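Review bot: The replacement name `c` for the base64-encoded `nmap:<password>` value says nothing about what it holds. It is presumably renamed so the local no longer shadows the `creds` module that the driver now uses for `creds.State.VALID`. A descriptive name keeps that intent readable, e.g. `local auth = base64.enc("nmap:" .. password)` and `data = data:format( self.host.ip, self.port.number, self.host.ip, auth )`. The hunks do not show where `creds` is loaded, so it is worth confirming that the script requires it itself rather than relying on another library having defined it. The login function starts and ends outside these hunks.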


@@ -79,7 +79,7 @@ Driver = {
nmap.registry.credentials['http'] = {}
end
table.insert( nmap.registry.credentials.http, { username = username, password = password } )
return true, brute.Account:new( username, password, "OPEN")
return true, brute.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
end,
@@ -105,7 +105,8 @@ action = function( host, port )
local path = nmap.registry.args['http-brute.path']
local method = string.upper(nmap.registry.args['http-brute.method'] or "GET")
local engine = brute.Engine:new(Driver, host, port, method )
engine.options.script_name = SCRIPT_NAME
if ( not(path) ) then
return " \n ERROR: No path was specified (see http-brute.path)"
end


@@ -135,7 +135,7 @@ Driver = {
nmap.registry['credentials'] = nmap.registry['credentials'] or {}
nmap.registry.credentials['http'] = nmap.registry.credentials['http'] or {}
table.insert( nmap.registry.credentials.http, { username = username, password = password } )
return true, brute.Account:new( username, password, "OPEN")
return true, brute.Account:new( username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
@@ -235,6 +235,8 @@ action = function( host, port )
-- there's a bug in http.lua that does not allow it to be called by
-- multiple threads
engine:setMaxThreads(1)
engine.options.script_name = SCRIPT_NAME
if ( not(uservar) ) then
engine.options:setOption( "passonly", true )
end


@@ -78,10 +78,10 @@ Driver =
nmap.registry['informix-brute'] = {}
end
table.insert( nmap.registry['informix-brute'], { ["username"] = username, ["password"] = password } )
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
-- Check for account locked message
elseif ( data:match("INFORMIXSERVER does not match either DBSERVERNAME or DBSERVERALIASES") ) then
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( data )
@@ -93,21 +93,13 @@ Driver =
self.helper:Close()
end,
--- Perform a connection with the helper, this makes sure that the Informix
-- instance is correct.
--
-- @return status true on success false on failure
-- @return err containing the error message on failure
check = function( self )
return true
end,
}
action = function(host, port)
local status, result
local engine = brute.Engine:new(Driver, host, port )
engine.options.script_name = SCRIPT_NAME
status, result = engine:start()
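Review bot: The comment `-- Check for account locked message` sits above a branch that matches `INFORMIXSERVER does not match either DBSERVERNAME or DBSERVERALIASES` and now returns `creds.State.VALID`, so the comment and the reported state disagree. If this error is only returned after the server has accepted the credentials, the comment should say so, e.g. `-- Server name mismatch: credentials were accepted, report them as valid`. If the branch is instead meant to flag a locked account, `creds.State.LOCKED` (used in the section that matches `ORA[-]28000`) would be the consistent state. The login function starts outside the hunk.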


@@ -47,7 +47,7 @@ Driver = {
local status = self.helper:login( self.target, username, password, "CHAP")
if ( status ) then
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
end
return false, brute.Error:new( "Incorrect password" )
@@ -78,7 +78,10 @@ action = function( host, port )
if ( status ) then return "No authentication required" end
local accounts
status, accounts = brute.Engine:new(Driver, host, port):start()
local engine = brute.Engine:new(Driver, host, port)
engine.options.script_name = SCRIPT_NAME
status, accounts = engine:start()
if ( status ) then return accounts end
end


@@ -165,7 +165,7 @@ Driver =
login = function(self, _, password)
if self:testpass(password) then
return true, brute.Account:new("", password, "OPEN")
return true, brute.Account:new("", password, creds.State.VALID)
end
return false, brute.Error:new("Incorrect password")
end,
@@ -173,16 +173,13 @@ Driver =
disconnect = function(self)
return self.socket:close()
end,
check = function(self) --deprecated
return true
end,
}
action = function(host, port)
local engine = brute.Engine:new(Driver, host, port)
engine.options.firstonly = true
engine.options:setOption("passonly", true)
engine.options.script_name = SCRIPT_NAME
local status, result = engine:start()
return result
end


@@ -64,20 +64,18 @@ Driver = {
if self.session:authenticate(username, password) then
-- store the account for possible future use
omp2.add_account(self.host, username, password)
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
else
return false, brute.Error:new("login failed")
end
end,
--- Deprecated
check = function(self)
return true
end,
}
action = function(host, port)
local status, result = brute.Engine:new(Driver, host, port):start()
local engine = brute.Engine:new(Driver, host, port)
engine.options.script_name = SCRIPT_NAME
local status, result = engine:start()
return result
end


@@ -100,10 +100,10 @@ Driver =
local status, data = self.helper:Login( username, password )
if ( status ) then
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
-- Check for account locked message
elseif ( data:match("ORA[-]28000") ) then
return true, brute.Account:new(username, password, "LOCKED")
return true, brute.Account:new(username, password, creds.State.LOCKED)
-- check for any other message
elseif ( data:match("ORA[-]%d+")) then
stdnse.print_debug(3, "username: %s, password: %s, error: %s", username, password, data )
@@ -147,6 +147,7 @@ Driver =
action = function(host, port)
local status, result
local engine = brute.Engine:new(Driver, host, port )
engine.options.script_name = SCRIPT_NAME
if ( not( nmap.registry.args['oracle-brute.sid'] ) and not( nmap.registry.args['tns.sid'] ) ) then
return "ERROR: Oracle instance not set (see oracle-brute.sid or tns.sid)"


@@ -61,7 +61,7 @@ Driver = {
end
return false, brute.Error:new( "Incorrect password" )
end
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
end,
disconnect = function(self) return self.helper:close() end,
@@ -100,6 +100,7 @@ action = function(host, port)
end
end
local engine = brute.Engine:new(Driver, host, port)
engine.options.script_name = SCRIPT_NAME
local status, result = engine:start()
return result
end


@@ -207,7 +207,7 @@ Driver =
self.invalid_users[username] = true
return false, brute.Error:new("Username not found")
elseif ( status and msg:match("success") ) then
return true, brute.Account:new(username, password, "OPEN")
return true, brute.Account:new(username, password, creds.State.VALID)
else
return false, brute.Error:new( "Incorrect password" )
end
@@ -250,12 +250,14 @@ action = function(host, port)
return " \n Anonymous SVN detected, no authentication needed"
end
if ( not( svn.auth_mech["CRAM-MD5"] ) ) then
if ( not(svn.auth_mech) or not( svn.auth_mech["CRAM-MD5"] ) ) then
return " \n No supported authentication mechanisms detected"
end
local invalid_users = {}
status, accounts = brute.Engine:new(Driver, host, port, invalid_users):start()
local engine = brute.Engine:new(Driver, host, port, invalid_users)
engine.options.script_name = SCRIPT_NAME
status, accounts = engine:start()
if( not(status) ) then
return accounts
end


@@ -69,7 +69,8 @@ Driver =
login = function( self, username, password )
local status, data = self.vnc:handshake()
if ( not(status) and data:match("Too many authentication failures") ) then
if ( not(status) and ( data:match("Too many authentication failures") or
data:match("Your connection has been rejected.") ) ) then
local err = brute.Error:new( data )
err:setAbort( true )
return false, err
@@ -83,7 +84,7 @@ Driver =
status, data = self.vnc:login( nil, password )
if ( status ) then
return true, brute.Account:new("", password, "OPEN")
return true, brute.Account:new("", password, creds.State.VALID)
elseif ( not( data:match("Authentication failed") ) ) then
local err = brute.Error:new( data )
-- This might be temporary, set the retry flag
@@ -132,6 +133,7 @@ action = function(host, port)
local status, result
local engine = brute.Engine:new(Driver, host, port )
engine.options.script_name = SCRIPT_NAME
engine.options.firstonly = true
engine.options:setOption( "passonly", true )