I've been using this in the past for code reviews; let me know what you think or if you have other suggestions.
Hey, That service works great! It's based on the one we use at work, so it's very familiar. :) The code looks good to me (LGTM)! Were you able to test it to see if it still works? Feel free to add yourself to the 'authors' list as well. Ron On Sun, May 25, 2014 at 4:02 AM, <claudiu.perta@gmail.com> wrote:
> Reviewers: rbowes.x86_gmail.com,
>
> Message:
> I've been using this in the past for code reviews; let me know what you
> think or if you have other suggestions.
>
>
>
> Please review this at https://codereview.appspot.com/100790043/
>
> Affected files (+65, -26 lines):
> M netbus-brute.nse
>
>
> Index: netbus-brute.nse
> ===================================================================
> --- netbus-brute.nse (revision 32892)
> +++ netbus-brute.nse (working copy)
> @@ -1,11 +1,13 @@
> +local creds = require "creds"
> +local brute = require "brute"
> local nmap = require "nmap"
> local shortport = require "shortport"
> +local string = require "string"
> local stdnse = require "stdnse"
> -local string = require "string"
> -local unpwdb = require "unpwdb"
>
> description = [[
> -Performs brute force password auditing against the Netbus backdoor
> ("remote administration") service.
> +Performs brute force password auditing against the Netbus backdoor
> +("remote administration") service.
> ]]
>
> ---
> @@ -25,34 +27,71 @@
>
> portrule = shortport.port_or_service (12345, "netbus", {"tcp"})
>
> -action = function( host, port )
> - local try = nmap.new_try()
> - local passwords = try(unpwdb.passwords())
> - local socket = nmap.new_socket()
> - local status, err = socket:connect(host.ip, port.number)
> - if not status then
> - return
> - end
> - local buffer, err = stdnse.make_buffer(socket, "\r")
> - local _ = buffer() --skip the banner
> - for password in passwords do
> - local foo = string.format("Password;0;%s\r", password)
> - socket:send(foo)
> - local login = buffer()
> - if login == "Access;1" then
> - -- Store the password for other netbus scripts
> - local key = string.format("%s:%d", host.ip, port.number)
> +Driver = {
> +
> + new = function(self, host, port)
> + local o = {}
> + setmetatable(o, self)
> + self.__index = self
> + o.host = host
> + o.port = port
> + return o
> + end,
> +
> + connect = function(self)
> + self.socket = nmap.new_socket()
> + local status, err = self.socket:connect(self.host, self.port)
> + if (not(status)) then
> + return false, brute.Error:new("Couldn't connect to host: " .. err)
> + end
> +
> + -- skip the banner
> + -- TODO(claudiu) Check if there is a simpler way to do this
> + -- TODO(claudiu) Error handling?
> + local buffer, err = stdnse.make_buffer(self.socket, "\r")
> + local _ = buffer()
> +
> + return true
> + end,
> +
> + login = function(self, username, password)
> + local buffer, err = stdnse.make_buffer(self.socket, "\r")
> +
> + local formatted_password = string.format("Password;0;%s\r", password)
> + self.socket:send(formatted_password)
> +
> + local reply = buffer()
> +
> + if (reply == "Access;1") then
> + -- Store the password for other netbus scripts
> + local key = string.format("%s:%d", self.host, self.port)
> +
> if not nmap.registry.netbuspasswords then
> nmap.registry.netbuspasswords = {}
> end
> nmap.registry.netbuspasswords[key] = password
> - if password == "" then
> - return "<empty>"
> - end
> - return string.format("%s", password)
> + return true, brute.Account:new(username, password,
> creds.State.VALID)
> + else
> + return false, brute.Error:new("Incorrect password")
> end
> + end,
> +
> + disconnect = function(self)
> + self.socket:close()
> + return true
> + end,
> +
> + check = function(self)
> + return true
> end
> - socket:close()
> -end
> +}
>
> +action = function(host, port)
> + local status, result
> + local engine = brute.Engine:new(Driver, host, port)
> + engine.options.firstonly = true
> + engine.options.passonly = true
> + status, result = engine:start()
>
> + return result
> +end
>
>
>
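Review bot: In `login`, the registry key is now built with `string.format("%s:%d", self.host, self.port)`, but `Driver.new` stores the `host` and `port` it is given, and `action` passes its own arguments to `brute.Engine:new`, so these are presumably the host and port tables rather than the `host.ip` and `port.number` the removed code used. `%d` applied to a table raises an error, so the success branch would likely fail exactly when a valid password is found, and the key would no longer have the `ip:port` form that the removed code stored for the other netbus scripts. I would change the line to `local key = string.format("%s:%d", self.host.ip, self.port.number)`. Separately, the result of `self.socket:send` is ignored and a nil `reply` falls into the `else` branch, so a dropped connection is reported as "Incorrect password"; checking both and returning a `brute.Error` marked for retry would keep a network failure from being counted as a wrong guess and hiding a weak password from the audit.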