mirror of
https://github.com/nmap/nmap.git
synced 2025-12-09 06:01:28 +00:00
90a2819a04
remote administration/backdoor program.
- netbus-info: gets configuration information.
- netbus-brute: guesses passwords.
- netbus-version: distinguishes NetBus from NetBuster, a program
that mimics the protocol but doesn't actually allow any
operations.
- netbus-auth-bypass: Checks for a bug in the server that allows
connecting without a password.
49 lines
1.1 KiB
Lua
49 lines
1.1 KiB
Lua
description = [[
|
|
Tries to retrieve NetBus password by guessing.
|
|
]]
|
|
|
|
---
|
|
-- @output
|
|
-- 12345/tcp open netbus
|
|
-- |_netbus-brute: password123
|
|
|
|
author = "Toni Ruottu"
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
categories = {"auth", "intrusive"}
|
|
|
|
require("nmap")
|
|
require("stdnse")
|
|
require("shortport")
|
|
require("unpwdb")
|
|
|
|
dependencies = {"netbus-version"}
|
|
|
|
portrule = shortport.port_or_service (12345, "netbus", {"tcp"})
|
|
|
|
action = function( host, port )
|
|
local try = nmap.new_try()
|
|
local passwords = try(unpwdb.passwords())
|
|
local socket = nmap.new_socket()
|
|
local status, err = socket:connect(host.ip, port.number)
|
|
if not status then
|
|
return
|
|
end
|
|
local buffer, err = stdnse.make_buffer(socket, "\r")
|
|
local _ = buffer() --skip the banner
|
|
for password in passwords do
|
|
local foo = string.format("Password;0;%s\r", password)
|
|
socket:send(foo)
|
|
local login = buffer()
|
|
if login == "Access;1" then
|
|
-- Store the password for other netbus scripts
|
|
nmap.registry.netbuspassword=password
|
|
|
|
return string.format("%s", password)
|
|
end
|
|
end
|
|
socket:close()
|
|
|
|
end
|
|
|
|
|