Remainder of Chris Johnson's patch from
http://seclists.org/nmap-dev/2013/q3/296.
Previously, Nmap could match replies that came in response to an
original probe, with one of the retransmissions of the probe. One effect
was that latency would be measured to be smaller than it should. Chris
Johnson summarized the problem and showed how to reproduce it at
http://seclists.org/nmap-dev/2013/q3/113.
http://seclists.org/nmap-dev/2013/q3/249
- Multi-threaded (thanks to nselib/brute.lua)
- Can automatically reduce number of threads if it senses that the
target supports less than what brute.lua wants to use. Without this
feature the script tends to bail out because brute.lua default of 10
threads is too much for a lot of telnet targets. This saves the user
the trouble of finding out how much the target can take before
launching the script.
- Uses connection pooling for sending multiple login attempts across
the same connection. This significantly improves performance.
- Supports password-only logins.
Other changes:
- Fixed support for Windows telnet service.
Added support for Netgear RM356.
- Improved accuracy of target state detection.
Tested on:
- Cisco IOS
- Linux telnetd
- Windows telnet service
- Digital Sprite 2
- Nortel Contivity
- Netgear RM356
- Hummingbird telnetd
Not all SSH key formats use base64 encoding, for example SSH1 keys looks
different. So we can't blindly base64-encode the raw strings that we
receive. Attempt to return keys in the same format as is used by the
known_hosts file.
This prevents nsock from iterating over the whole list of events at
each runloop, thus improving performance.
It made it necessary to have pointers from the msevents to the event
lists they belong to. The patch therefore also changes gh_list from
autonomous containers to embedded structures.
Added unit tests accordingly and cosmetic changes to make things look
more consistent.
