to {"auth", "intrusive", "vuln"}. The first categories are the same as
in realvnc-auth-bypass, which would seems to be a very similar script,
but netbus-auth-bypass can have the additional side effect of breaking
future authentication attempts for all users, which is solidly
intrusive.
remote administration/backdoor program.
- netbus-info: gets configuration information.
- netbus-brute: guesses passwords.
- netbus-version: distinguishes NetBus from NetBuster, a program
that mimics the protocol but doesn't actually allow any
operations.
- netbus-auth-bypass: Checks for a bug in the server that allows
connecting without a password.
algorithms the target SSH2 server supports, by type. If verbosity
is set, then the offered algorithms are listed. Output is reduced
for identical "client to server" and "server to client" lists by
using a single combined list. [Kris]
* Adding path-mtu.nse for Path MTU Discovery
* Nmap now stores the MTU for interfaces (from SIOCGIFMTU or libdnet)
* Scripts can access the MTU for host.interface via host.interface_mtu
* Nmap prints the MTU for interfaces in --iflist
The scripts are:
- oracle-brute uses the brute and tns library to perform password guessing
- oracle-enum-users attempts to determine valid Oracle user names
[Patrik]
Domino oriented scripts:
- domino-enum-users.nse guesses users and attempts to download ID files by
exploiting (CVE-2006-5835).
- domino-enum-passwords attempts to download Internet passwords and ID files
from the web server.
- domcon-brute performs password guessing against the remote console.
- domcon-cmd adds support for running custom remote console commands.
[Patrik]
- informix-brute uses the brute framework to perform password guessing
- informix-query add support for running SQL queries against Informix
- informix-tables lists table- and column-names for a given database
[Patrik]
scripts are:
- ms-sql-brute.nse uses the unpwdb library to guess credentials for MSSQL
- ms-sql-config retrieves various configuration details from the server
- ms-sql-empty-password checks if the sa account has an empty password
- ms-sql-hasdbaccess lists database access per user
- ms-sql-query add support for running custom queries against the database
- ms-sql-tables lists databases, tables, columns and datatypes with optional
keyword filtering
- ms-sql-xp-cmdshell adds support for OS command execution to privileged
users
[Patrik]
addresses, and other configuration information from an AFP server.
The script, and a patch to the afp library, were originally
contributed by Andrew Orr and were subsequently enhanced by Patrik
and David.
I added an @output section to the script and made it hex-encode a binary
string for the sever signature (previous versions of the afp patch did
the hex-encoding in the library, but I thought it was better to do it in
the script.)
