(http://seclists.org/nmap-dev/2010/q4/674) into
Nmap's top-5000 password database. A team of Nmap developers, lead
by Brandon Enright has cracked 635,546 out of 748,081 password
hashes so far (85%). Gawker users' top passwords are are "123456",
"password", "12345678", "lifehack", "qwerty", "abc123", "12345",
"monkey", "111111", "consumer", and "letmein".
Tumblr post, this sounds more like a way for people to set up a private
server on a LAN among trusted users than a vulnerability. Also link the
Tumblr post in the description.
before) each group of tab.add, and there is no tab.nextrow before or
after tab.addrow. Also remove manual indenting that was accomplished by
padding the first column with spaces; this is done by
stdnse.format_output now.
indent and prefix before each line, not just at the beginning. If the
indent was ">>>>", then formatting the line "AB\nCD" would result in
| >>>> AB
|_CD
Now it will be
| >>>> AB
|_>>>> CD
Some script were working around this by relying on an invisible blank
first line and manually indenting following lines.
nothing in the current row yet. This allows using #t or ipairs to get
the number of rows that have been filled by the user. t.rows is the
index number of the next row that will be filled in, or the one that is
currently being filled in if something has already been entered.
t.rows == #t + 1 means that we've finished with the previous row, but we
don't want to count a new (blank) row until we've started filling
something in.
This should be handled by the generic case, and I don't think it was
used anyway because the logic was wrong:
if(indent == nil and #data == 1 and type(data) == 'string' and not(data['name']) and not(data['warning'])) then
return data[1]
end
This seems to be checking for a one-element table whose single element
is a string. But the test "#data == 1 and type(data) == 'string'" is
actually testing for a one-byte string. I think this is supposed to be
"type(data[1]) == 'string'", but anyway it should be handled by the
generic case.
sending the magic shell string but before sending a shell command.
Michael Meyer reported that the script would sometimes fail to report a
backdoor; I tracked this down to the sends happening in too-close
succession. The ProFTPD process could receive both sends
("HELP ACIDBITCHEZ\r\nid;\r\n"), read the first line, and execute the
shell, but then the shell would get no input because the "id;\r\n" had
already been read.
This causes a delay up to the timeout when there is a backdoor, but it
still returns right away when there is no backdoor.
