packages/nmap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove password printing

Browse Source
This commit is contained in:
xingwei 2024-01-16 07:40:58 +00:00
parent 23bc335847
commit 5f19db4cc3
2 changed files with 208 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nmap.spec
View File

@ -3,7 +3,7 @@
Name: nmap
Epoch: 2
Version: 7.94
Release: 4
Release: 5
License: Nmap
Summary: A tool for network discovery and security auditing.
Requires: %{name}-ncat = %{epoch}:%{version}-%{release}
@ -23,6 +23,7 @@ Patch0004: backport-upgrade-libpcre-to-PCRE2-10.42.patch
Patch0005: backport-remove-nse_pcrelib-from-build.patch
Patch0006: backport-nping-fix-out-of-bounds-access.patch
Patch0007: backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch
Patch0008: remove-password-printing.patch
%define pixmap_srcdir zenmap/share/pixmaps
@ -73,6 +74,12 @@ ln -s ncat %{buildroot}%{_bindir}/nc
%{_mandir}/man1/*.1.gz
%changelog
* Tue Jan 16 2024 xingwei <xingwei14@h-partners.com> - 2:7.94-5
- Type:bugfix
- CVE:
- SUG:NA
- DESC:remove password printing
* Fri Sep 15 2023 xingwei <xingwei14@h-partners.com> - 2:7.94-4
- Type:bugfix
- CVE:

200
remove-password-printing.patch Normal file
View File

@ -0,0 +1,200 @@
From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001
From: gaoxingwang <gaoxingwang1@huawei.com>
Date: Tue, 31 Jan 2023 16:47:32 +0800
Subject: [PATCH] remove password printing
---
scripts/broadcast-ospf2-discover.nse | 2 +-
scripts/cassandra-brute.nse | 14 +++++++-------
scripts/cics-user-brute.nse | 2 +-
scripts/ldap-brute.nse | 12 ++++++------
scripts/nje-pass-brute.nse | 2 +-
scripts/oracle-brute.nse | 2 +-
scripts/tso-brute.nse | 4 ++--
7 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse
index ad3fca0..b33c366 100644
--- a/scripts/broadcast-ospf2-discover.nse
+++ b/scripts/broadcast-ospf2-discover.nse
@@ -124,7 +124,7 @@ local ospfDumpHello = function(hello)
stdnse.print_debug(2, "| Checksum: %s", hello.header.chksum)
stdnse.print_debug(2, "| Auth Type: %s", hello.header.auth_type)
if hello.header.auth_type == 0x01 then
- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
+ -- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
elseif hello.header.auth_type == 0x02 then
stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid)
stdnse.print_debug(2, "| Auth Data Length: %s", hello.header.auth_data.length)
diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse
index 8363c65..c2dd124 100644
--- a/scripts/cassandra-brute.nse
+++ b/scripts/cassandra-brute.nse
@@ -54,21 +54,21 @@ Driver = {
local status, err = self.socket:send(string.pack(">I4", #loginstr))
local combo = username..":"..password
if ( not(status) ) then
- local err = brute.Error:new( "couldn't send length:"..combo )
+ local err = brute.Error:new( "couldn't send length:" )
err:setAbort( true )
return false, err
end
status, err = self.socket:send(loginstr)
if ( not(status) ) then
- local err = brute.Error:new( "couldn't send login packet: "..combo )
+ local err = brute.Error:new( "couldn't send login packet: " )
err:setAbort( true )
return false, err
end
local status, response = self.socket:receive_bytes(22)
if ( not(status) ) then
- local err = brute.Error:new( "couldn't receive login reply size: "..combo )
+ local err = brute.Error:new( "couldn't receive login reply size: " )
err:setAbort( true )
return false, err
end
@@ -78,16 +78,16 @@ Driver = {
magic = string.sub(response,18,22)
if (magic == cassandra.LOGINSUCC) then
- stdnse.debug3("Account SUCCESS: "..combo)
+ stdnse.debug3("Account SUCCESS: ")
return true, creds.Account:new(username, password, creds.State.VALID)
elseif (magic == cassandra.LOGINFAIL) then
- stdnse.debug3("Account FAIL: "..combo)
+ stdnse.debug3("Account FAIL: ")
return false, brute.Error:new( "Incorrect password" )
elseif (magic == cassandra.LOGINACC) then
- stdnse.debug3("Account VALID, but wrong password: "..combo)
+ stdnse.debug3("Account VALID, but wrong password: ")
return false, brute.Error:new( "Good user, bad password" )
else
- stdnse.debug3("Unrecognized packet for "..combo)
+ stdnse.debug3("Unrecognized packet for ")
stdnse.debug3("packet hex: %s", stdnse.tohex(response) )
stdnse.debug3("size packet hex: %s", stdnse.tohex(size) )
stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) )
diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse
index 768813e..559d752 100644
--- a/scripts/cics-user-brute.nse
+++ b/scripts/cics-user-brute.nse
@@ -176,7 +176,7 @@ Driver = {
self.tn3270:find('TSS7000I') or
self.tn3270:find('TSS7110E Password Has Expired. New Password Missing') or
self.tn3270:find('TSS7001I') then
- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
+ -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
return true, creds.Account:new(user, pass, creds.State.VALID)
else
-- ok whoa, something happened, print the screen but don't store as valid
diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse
index b239525..085e3a0 100644
--- a/scripts/ldap-brute.nse
+++ b/scripts/ldap-brute.nse
@@ -233,7 +233,7 @@ action = function( host, port )
-- Login correct, account disabled
if not status and response:match("AcceptSecurityContext error, data 533,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
+ -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
credTable:add(fq_username,password, creds.State.DISABLED_VALID)
break
end
@@ -241,7 +241,7 @@ action = function( host, port )
-- Login correct, user must change password
if not status and response:match("AcceptSecurityContext error, data 773,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.CHANGEPW)
break
end
@@ -249,7 +249,7 @@ action = function( host, port )
-- Login correct, user account expired
if not status and response:match("AcceptSecurityContext error, data 701,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.EXPIRED)
break
end
@@ -257,7 +257,7 @@ action = function( host, port )
-- Login correct, user account logon time restricted
if not status and response:match("AcceptSecurityContext error, data 530,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.TIME_RESTRICTED)
break
end
@@ -265,7 +265,7 @@ action = function( host, port )
-- Login correct, user account can only log in from certain workstations
if not status and response:match("AcceptSecurityContext error, data 531,") then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
credTable:add(fq_username,password, creds.State.HOST_RESTRICTED)
break
end
@@ -275,7 +275,7 @@ action = function( host, port )
status = is_valid_credential( socket, context )
if status then
table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>" ) )
- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
+ -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
-- Add credentials for other ldap scripts to use
if nmap.registry.ldapaccounts == nil then
nmap.registry.ldapaccounts = {}
diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse
index 5cb29f6..1213906 100644
--- a/scripts/nje-pass-brute.nse
+++ b/scripts/nje-pass-brute.nse
@@ -113,7 +113,7 @@ Driver = {
-- When we send an 'I' record, if the password is invalid it will reply with a 'B' record
-- B in EBCDIC is 0xC2
if data:sub(19,19) ~= "\xc2" then
- stdnse.verbose(2,"Valid NJE Password: %s", password)
+ -- stdnse.verbose(2,"Valid NJE Password: %s", password)
return true, creds.Account:new("Password", password, creds.State.VALID)
end
return false, brute.Error:new( "Invalid Password" )
diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
index 8a94987..1fb4b0e 100644
--- a/scripts/oracle-brute.nse
+++ b/scripts/oracle-brute.nse
@@ -156,7 +156,7 @@ Driver =
return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
-- check for any other message
elseif ( data:match("ORA[-]%d+")) then
- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
+ -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
return false, brute.Error:new(data)
-- any other errors are likely communication related, attempt to re-try
else
diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse
index ff52c0c..2690a13 100644
--- a/scripts/tso-brute.nse
+++ b/scripts/tso-brute.nse
@@ -99,7 +99,7 @@ Driver = {
local skip = self.options['skip']
stdnse.debug(2,"Getting to TSO")
local run = stringaux.strsplit(";%s*", commands)
- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
+ -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
for i = 1, #run do
stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,run[i])
if i == #run and run[i]:upper():find("LOGON APPLID") and skip then
@@ -159,7 +159,7 @@ Driver = {
return false, brute.Error:new( "User ID not authorized to use TSO" )
else
-- It's a valid account so lets try a password
- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
+ -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
if always_logon then
local writeable = self.tn3270:writeable()
-- This turns on the 'reconnect' which may boot users off
--
2.33.0