PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-30 11:29:01 +00:00
Code Issues Projects Releases Wiki Activity
Files
7f12d63392fbf32d30f343f7f7f1bdf73ad8af97
nmap/scripts/mmouse-brute.nse
patrik 7f12d63392 o [NSE] Added the script mmouse-exec that connects to a Mobile Mouse server, 
starts an application, and sends a sequence of keystrokes to it. [Patrik
  Karlsson]

o [NSE] Added the script mmouse-brute that performs brute force password
  auditing against the Mobile Mouse service. [Patrik Karlsson]
2012-05-01 14:29:36 +00:00

109 lines
2.7 KiB
Lua
Raw Blame History

description = [[
Performs brute force password auditing against the RPA Tech Mobile Mouse
Server.
]]
---
-- @usage
-- nmap --script mobilemouse-brute -p 51010 <host>
--
-- @output
-- PORT STATE SERVICE
-- 51010/tcp open unknown
-- | mmouse-brute:
-- | Accounts
-- | vanilla - Valid credentials
-- | Statistics
-- |_ Performed 1199 guesses in 23 seconds, average tps: 47
--
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"}
local shortport = require('shortport')
local brute = require('brute')
local arg_timeout = stdnse.get_script_args(SCRIPT_NAME .. ".timeout") or 5000
portrule = shortport.port_or_service(51010, "mmouse", "tcp")
Driver = {
new = function(self, host, port)
local o = { host = host, port = port }
setmetatable(o, self)
self.__index = self
return o
end,
connect = function( self )
self.socket = nmap.new_socket()
self.socket:set_timeout(arg_timeout)
return self.socket:connect(self.host, self.port)
end,
login = function( self, username, password )
local devid = "0123456789abcdef0123456789abcdef0123456"
local devname = "Lord Vaders iPad"
local suffix = "2".."\30".."2".."\04"
local auth = ("CONNECT\30%s\30%s\30%s\30%s"):format(password, devid, devname, suffix)
local status = self.socket:send(auth)
if ( not(status) ) then
local err = brute.Error:new( "Failed to send data to server" )
err:setRetry( true )
return false, err
end
local status, data = self.socket:receive_buf("\04", true)
if (data:match("^CONNECTED\30([^\30]*)") == "NO" ) then
return false, brute.Error:new( "Incorrect password" )
elseif ( data:match("^CONNECTED\30([^\30]*)") == "YES" ) then
return true, brute.Account:new("", password, creds.State.VALID)
end
local err = brute.Error:new("An unexpected error occured, retrying ...")
err:setRetry(true)
return false, err
end,
disconnect = function(self)
self.socket:close()
end,
}
local function hasPassword(host, port)
local driver = Driver:new(host, port)
if ( not(driver:connect()) ) then
error("Failed to connect to server")
end
local status = driver:login(nil, "nmap")
driver:disconnect()
return not(status)
end
action = function(host, port)
if ( not(hasPassword(host, port)) ) then
return "\n Server has no password"
end
local status, result
local engine = brute.Engine:new(Driver, host, port )
engine.options.script_name = SCRIPT_NAME
engine.options.firstonly = true
engine.options:setOption( "passonly", true )
-- mouse server does not behave well when multiple threads are guessing
engine:setMaxThreads(1)
status, result = engine:start()
return result
end
Reference in New Issue View Git Blame Copy Permalink