Discussion thread: http://seclists.org/nmap-dev/2013/q2/121
Existing behavior preserved and preferred, but absolute and local paths
should also work now. Notably, smb-psexec's locate_file function claimed
to check current directory but did not.
http://seclists.org/nmap-dev/2013/q2/101
- Changed line termination from \r\0 to \r\n.
- Changed response to the telnet server ECHO "will" / "will not" from
outright "do not" to an agreement with whatever the server proposes
to make the script work with some daemons.
- Removed use of receive_lines(), which was causing either time-outs or
unnecessary connection tear-downs due to waiting on a line
termination. This change improved the script success rate and/or
performance (5x in some cases).
- Exposed the connection time-out value as a configurable parameter
(telnet-brute.timeout). It defaults to 5s.
- Improved handling of connection errors, which were occassionally
causing credential combinations to be skipped.
- Updated the logged-in status detection logic to make the script work
with some daemons.
- Avoided overlapping connections to make the script work with daemons
that allow only one connection at a time.
- Replaced a locally defined routine with stdnse.string_or_blank() for
printing out credentials. Changed printing of tested credentials in
the debug output to be consistent with script results.
- Script will now report if it senses password-only authentication.
- Implemented detailed debug messages (e.g. "Sending password") at
debug level 3 (configurable).
- Expanded the script documentation.
This allows to generically handle all kinds of connexions instead of manually
providing a handler for tcp connect, ssl connect...
The drawback is that would it makes it harder to implement support of SSL
proxies. Not sure whether there's a need though, looks like regular clients
don't handle them at least.
This simplifies the interface that proxies export to the library but also relies
upon the assumption that a proxy chain starts with a TCP connection from the
scanner to the next hop proxy. That will be enough ATM.
When establishing the tunnel through proxy chain, we need to track status of
each proxy (storing R/W buffers, stats, retries...).
This patch lets proxies store and manage whatever structure they want to have
for this in a Nsock IOD. Since types can differ between proxy types, the
proxy_info are stored as a list of void *, ordered like the proxy nodes.
