From 5f19db4cc3a496029158d7a7e2c0307718248251 Mon Sep 17 00:00:00 2001 From: xingwei Date: Tue, 16 Jan 2024 07:40:58 +0000 Subject: [PATCH] remove password printing --- nmap.spec | 9 +- remove-password-printing.patch | 200 +++++++++++++++++++++++++++++++++ 2 files changed, 208 insertions(+), 1 deletion(-) create mode 100644 remove-password-printing.patch diff --git a/nmap.spec b/nmap.spec index a9a6b0b..feff6ed 100644 --- a/nmap.spec +++ b/nmap.spec @@ -3,7 +3,7 @@ Name: nmap Epoch: 2 Version: 7.94 -Release: 4 +Release: 5 License: Nmap Summary: A tool for network discovery and security auditing. Requires: %{name}-ncat = %{epoch}:%{version}-%{release} @@ -23,6 +23,7 @@ Patch0004: backport-upgrade-libpcre-to-PCRE2-10.42.patch Patch0005: backport-remove-nse_pcrelib-from-build.patch Patch0006: backport-nping-fix-out-of-bounds-access.patch Patch0007: backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch +Patch0008: remove-password-printing.patch %define pixmap_srcdir zenmap/share/pixmaps @@ -73,6 +74,12 @@ ln -s ncat %{buildroot}%{_bindir}/nc %{_mandir}/man1/*.1.gz %changelog +* Tue Jan 16 2024 xingwei - 2:7.94-5 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:remove password printing + * Fri Sep 15 2023 xingwei - 2:7.94-4 - Type:bugfix - CVE: diff --git a/remove-password-printing.patch b/remove-password-printing.patch new file mode 100644 index 0000000..9011fe5 --- /dev/null +++ b/remove-password-printing.patch @@ -0,0 +1,200 @@ +From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001 +From: gaoxingwang +Date: Tue, 31 Jan 2023 16:47:32 +0800 +Subject: [PATCH] remove password printing + +--- + scripts/broadcast-ospf2-discover.nse | 2 +- + scripts/cassandra-brute.nse | 14 +++++++------- + scripts/cics-user-brute.nse | 2 +- + scripts/ldap-brute.nse | 12 ++++++------ + scripts/nje-pass-brute.nse | 2 +- + scripts/oracle-brute.nse | 2 +- + scripts/tso-brute.nse | 4 ++-- + 7 files changed, 19 insertions(+), 19 deletions(-) + +diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse +index ad3fca0..b33c366 100644 +--- a/scripts/broadcast-ospf2-discover.nse ++++ b/scripts/broadcast-ospf2-discover.nse +@@ -124,7 +124,7 @@ local ospfDumpHello = function(hello) + stdnse.print_debug(2, "| Checksum: %s", hello.header.chksum) + stdnse.print_debug(2, "| Auth Type: %s", hello.header.auth_type) + if hello.header.auth_type == 0x01 then +- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password) ++ -- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password) + elseif hello.header.auth_type == 0x02 then + stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid) + stdnse.print_debug(2, "| Auth Data Length: %s", hello.header.auth_data.length) +diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse +index 8363c65..c2dd124 100644 +--- a/scripts/cassandra-brute.nse ++++ b/scripts/cassandra-brute.nse +@@ -54,21 +54,21 @@ Driver = { + local status, err = self.socket:send(string.pack(">I4", #loginstr)) + local combo = username..":"..password + if ( not(status) ) then +- local err = brute.Error:new( "couldn't send length:"..combo ) ++ local err = brute.Error:new( "couldn't send length:" ) + err:setAbort( true ) + return false, err + end + + status, err = self.socket:send(loginstr) + if ( not(status) ) then +- local err = brute.Error:new( "couldn't send login packet: "..combo ) ++ local err = brute.Error:new( "couldn't send login packet: " ) + err:setAbort( true ) + return false, err + end + + local status, response = self.socket:receive_bytes(22) + if ( not(status) ) then +- local err = brute.Error:new( "couldn't receive login reply size: "..combo ) ++ local err = brute.Error:new( "couldn't receive login reply size: " ) + err:setAbort( true ) + return false, err + end +@@ -78,16 +78,16 @@ Driver = { + magic = string.sub(response,18,22) + + if (magic == cassandra.LOGINSUCC) then +- stdnse.debug3("Account SUCCESS: "..combo) ++ stdnse.debug3("Account SUCCESS: ") + return true, creds.Account:new(username, password, creds.State.VALID) + elseif (magic == cassandra.LOGINFAIL) then +- stdnse.debug3("Account FAIL: "..combo) ++ stdnse.debug3("Account FAIL: ") + return false, brute.Error:new( "Incorrect password" ) + elseif (magic == cassandra.LOGINACC) then +- stdnse.debug3("Account VALID, but wrong password: "..combo) ++ stdnse.debug3("Account VALID, but wrong password: ") + return false, brute.Error:new( "Good user, bad password" ) + else +- stdnse.debug3("Unrecognized packet for "..combo) ++ stdnse.debug3("Unrecognized packet for ") + stdnse.debug3("packet hex: %s", stdnse.tohex(response) ) + stdnse.debug3("size packet hex: %s", stdnse.tohex(size) ) + stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) ) +diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse +index 768813e..559d752 100644 +--- a/scripts/cics-user-brute.nse ++++ b/scripts/cics-user-brute.nse +@@ -176,7 +176,7 @@ Driver = { + self.tn3270:find('TSS7000I') or + self.tn3270:find('TSS7110E Password Has Expired. New Password Missing') or + self.tn3270:find('TSS7001I') then +- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass) ++ -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass) + return true, creds.Account:new(user, pass, creds.State.VALID) + else + -- ok whoa, something happened, print the screen but don't store as valid +diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse +index b239525..085e3a0 100644 +--- a/scripts/ldap-brute.nse ++++ b/scripts/ldap-brute.nse +@@ -233,7 +233,7 @@ action = function( host, port ) + -- Login correct, account disabled + if not status and response:match("AcceptSecurityContext error, data 533,") then + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "" ) ) +- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "" ) ++ -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "" ) + credTable:add(fq_username,password, creds.State.DISABLED_VALID) + break + end +@@ -241,7 +241,7 @@ action = function( host, port ) + -- Login correct, user must change password + if not status and response:match("AcceptSecurityContext error, data 773,") then + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "" ) ) +- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "") ++ -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "") + credTable:add(fq_username,password, creds.State.CHANGEPW) + break + end +@@ -249,7 +249,7 @@ action = function( host, port ) + -- Login correct, user account expired + if not status and response:match("AcceptSecurityContext error, data 701,") then + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "" ) ) +- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "") ++ -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "") + credTable:add(fq_username,password, creds.State.EXPIRED) + break + end +@@ -257,7 +257,7 @@ action = function( host, port ) + -- Login correct, user account logon time restricted + if not status and response:match("AcceptSecurityContext error, data 530,") then + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "" ) ) +- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "") ++ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "") + credTable:add(fq_username,password, creds.State.TIME_RESTRICTED) + break + end +@@ -265,7 +265,7 @@ action = function( host, port ) + -- Login correct, user account can only log in from certain workstations + if not status and response:match("AcceptSecurityContext error, data 531,") then + table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "" ) ) +- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "") ++ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "") + credTable:add(fq_username,password, creds.State.HOST_RESTRICTED) + break + end +@@ -275,7 +275,7 @@ action = function( host, port ) + status = is_valid_credential( socket, context ) + if status then + table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "" ) ) +- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "") ++ -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "") + -- Add credentials for other ldap scripts to use + if nmap.registry.ldapaccounts == nil then + nmap.registry.ldapaccounts = {} +diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse +index 5cb29f6..1213906 100644 +--- a/scripts/nje-pass-brute.nse ++++ b/scripts/nje-pass-brute.nse +@@ -113,7 +113,7 @@ Driver = { + -- When we send an 'I' record, if the password is invalid it will reply with a 'B' record + -- B in EBCDIC is 0xC2 + if data:sub(19,19) ~= "\xc2" then +- stdnse.verbose(2,"Valid NJE Password: %s", password) ++ -- stdnse.verbose(2,"Valid NJE Password: %s", password) + return true, creds.Account:new("Password", password, creds.State.VALID) + end + return false, brute.Error:new( "Invalid Password" ) +diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse +index 8a94987..1fb4b0e 100644 +--- a/scripts/oracle-brute.nse ++++ b/scripts/oracle-brute.nse +@@ -156,7 +156,7 @@ Driver = + return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID) + -- check for any other message + elseif ( data:match("ORA[-]%d+")) then +- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data ) ++ -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data ) + return false, brute.Error:new(data) + -- any other errors are likely communication related, attempt to re-try + else +diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse +index ff52c0c..2690a13 100644 +--- a/scripts/tso-brute.nse ++++ b/scripts/tso-brute.nse +@@ -99,7 +99,7 @@ Driver = { + local skip = self.options['skip'] + stdnse.debug(2,"Getting to TSO") + local run = stringaux.strsplit(";%s*", commands) +- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass) ++ -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass) + for i = 1, #run do + stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,run[i]) + if i == #run and run[i]:upper():find("LOGON APPLID") and skip then +@@ -159,7 +159,7 @@ Driver = { + return false, brute.Error:new( "User ID not authorized to use TSO" ) + else + -- It's a valid account so lets try a password +- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass) ++ -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass) + if always_logon then + local writeable = self.tn3270:writeable() + -- This turns on the 'reconnect' which may boot users off +-- +2.33.0 +