PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
bff90f3d557ceadb64c44c62fc87d1b73a659b7d
nmap/scripts/afp-brute.nse
tomsellers 035ae9e9b1 Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values. 
In the case of a few of these scripts the only thing that was updated was the example text as the scripts relied on the creds library which handles the strings internally.
2011-09-11 12:13:13 +00:00

103 lines
2.8 KiB
Lua
Raw Blame History

description = [[
Performs password guessing against Apple Filing Protocol (AFP).
]]
---
-- @usage
-- nmap -p 548 --script afp-brute <host>
--
-- @output
-- PORT STATE SERVICE
-- 548/tcp open afp
-- | afp-brute:
-- |_ admin:KenSentMe => Login Correct
-- Information on AFP implementations
--
-- Snow Leopard
-- ------------
-- - Delay 10 seconds for accounts with more than 5 incorrect login attempts (good)
-- - Instant response if password is successfull
--
-- Netatalk
-- --------
-- - Netatalk responds with a "Parameter error" when the username is invalid
--
author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive", "auth"}
require 'shortport'
require 'stdnse'
require 'afp'
require 'unpwdb'
-- Version 0.3
-- Created 01/15/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Revised 03/09/2010 - v0.2 - changed so that passwords are iterated over users
-- - this change makes better sence as guessing is slow
-- Revised 09/09/2011 - v0.3 - changed account status text to be more consistent with other *-brute scripts
portrule = shortport.port_or_service(548, "afp")
action = function( host, port )
local result, response, status = {}, nil, nil
local valid_accounts, found_users = {}, {}
local helper
status, usernames = unpwdb.usernames()
if not status then return end
status, passwords = unpwdb.passwords()
if not status then return end
for password in passwords do
for username in usernames do
if ( not(found_users[username]) ) then
helper = afp.Helper:new()
status, response = helper:OpenSession( host, port )
if ( not(status) ) then
stdnse.print_debug("OpenSession failed")
return
end
stdnse.print_debug( string.format("Trying %s/%s ...", username, password ) )
status, response = helper:Login( username, password )
-- if the response is "Parameter error." we're dealing with Netatalk
-- This basically means that the user account does not exist
-- In this case, why bother continuing? Simply abort and thank Netatalk for the fish
if response:match("Parameter error.") then
stdnse.print_debug("Netatalk told us the user does not exist! Thanks.")
-- mark it as "found" to skip it
found_users[username] = true
end
if status then
-- Add credentials for other afp scripts to use
if nmap.registry.afp == nil then
nmap.registry.afp = {}
end
nmap.registry.afp[username]=password
found_users[username] = true
table.insert( valid_accounts, string.format("%s:%s => Valid credentials", username, password:len()>0 and password or "<empty>" ) )
break
end
helper:CloseSession()
end
end
usernames("reset")
end
local output = stdnse.format_output(true, valid_accounts)
return output
end
Reference in New Issue View Git Blame Copy Permalink