The socks4_data structure is not aligned. Sending sizeof(sock4) bytes
results in invalid requests.
Noticed and reported by David: http://seclists.org/nmap-dev/2013/q2/160
This call got duplicated during the merge and provoked
non-fatal nsock errors like:
NSOCK ERROR [0.0310s] nsp_set_proxychain(): Invalid call. Existing proxychain on this nsock_pool
Discussion thread: http://seclists.org/nmap-dev/2013/q2/121
Existing behavior preserved and preferred, but absolute and local paths
should also work now. Notably, smb-psexec's locate_file function claimed
to check current directory but did not.
http://seclists.org/nmap-dev/2013/q2/101
- Changed line termination from \r\0 to \r\n.
- Changed response to the telnet server ECHO "will" / "will not" from
outright "do not" to an agreement with whatever the server proposes
to make the script work with some daemons.
- Removed use of receive_lines(), which was causing either time-outs or
unnecessary connection tear-downs due to waiting on a line
termination. This change improved the script success rate and/or
performance (5x in some cases).
- Exposed the connection time-out value as a configurable parameter
(telnet-brute.timeout). It defaults to 5s.
- Improved handling of connection errors, which were occassionally
causing credential combinations to be skipped.
- Updated the logged-in status detection logic to make the script work
with some daemons.
- Avoided overlapping connections to make the script work with daemons
that allow only one connection at a time.
- Replaced a locally defined routine with stdnse.string_or_blank() for
printing out credentials. Changed printing of tested credentials in
the debug output to be consistent with script results.
- Script will now report if it senses password-only authentication.
- Implemented detailed debug messages (e.g. "Sending password") at
debug level 3 (configurable).
- Expanded the script documentation.
