201 lines
11 KiB
Diff
201 lines
11 KiB
Diff
From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001
|
|
From: gaoxingwang <gaoxingwang1@huawei.com>
|
|
Date: Tue, 31 Jan 2023 16:47:32 +0800
|
|
Subject: [PATCH] remove password printing
|
|
|
|
---
|
|
scripts/broadcast-ospf2-discover.nse | 2 +-
|
|
scripts/cassandra-brute.nse | 14 +++++++-------
|
|
scripts/cics-user-brute.nse | 2 +-
|
|
scripts/ldap-brute.nse | 12 ++++++------
|
|
scripts/nje-pass-brute.nse | 2 +-
|
|
scripts/oracle-brute.nse | 2 +-
|
|
scripts/tso-brute.nse | 4 ++--
|
|
7 files changed, 19 insertions(+), 19 deletions(-)
|
|
|
|
diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse
|
|
index ad3fca0..b33c366 100644
|
|
--- a/scripts/broadcast-ospf2-discover.nse
|
|
+++ b/scripts/broadcast-ospf2-discover.nse
|
|
@@ -124,7 +124,7 @@ local ospfDumpHello = function(hello)
|
|
stdnse.print_debug(2, "| Checksum: %s", hello.header.chksum)
|
|
stdnse.print_debug(2, "| Auth Type: %s", hello.header.auth_type)
|
|
if hello.header.auth_type == 0x01 then
|
|
- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
|
|
+ -- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
|
|
elseif hello.header.auth_type == 0x02 then
|
|
stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid)
|
|
stdnse.print_debug(2, "| Auth Data Length: %s", hello.header.auth_data.length)
|
|
diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse
|
|
index 8363c65..c2dd124 100644
|
|
--- a/scripts/cassandra-brute.nse
|
|
+++ b/scripts/cassandra-brute.nse
|
|
@@ -54,21 +54,21 @@ Driver = {
|
|
local status, err = self.socket:send(string.pack(">I4", #loginstr))
|
|
local combo = username..":"..password
|
|
if ( not(status) ) then
|
|
- local err = brute.Error:new( "couldn't send length:"..combo )
|
|
+ local err = brute.Error:new( "couldn't send length:" )
|
|
err:setAbort( true )
|
|
return false, err
|
|
end
|
|
|
|
status, err = self.socket:send(loginstr)
|
|
if ( not(status) ) then
|
|
- local err = brute.Error:new( "couldn't send login packet: "..combo )
|
|
+ local err = brute.Error:new( "couldn't send login packet: " )
|
|
err:setAbort( true )
|
|
return false, err
|
|
end
|
|
|
|
local status, response = self.socket:receive_bytes(22)
|
|
if ( not(status) ) then
|
|
- local err = brute.Error:new( "couldn't receive login reply size: "..combo )
|
|
+ local err = brute.Error:new( "couldn't receive login reply size: " )
|
|
err:setAbort( true )
|
|
return false, err
|
|
end
|
|
@@ -78,16 +78,16 @@ Driver = {
|
|
magic = string.sub(response,18,22)
|
|
|
|
if (magic == cassandra.LOGINSUCC) then
|
|
- stdnse.debug3("Account SUCCESS: "..combo)
|
|
+ stdnse.debug3("Account SUCCESS: ")
|
|
return true, creds.Account:new(username, password, creds.State.VALID)
|
|
elseif (magic == cassandra.LOGINFAIL) then
|
|
- stdnse.debug3("Account FAIL: "..combo)
|
|
+ stdnse.debug3("Account FAIL: ")
|
|
return false, brute.Error:new( "Incorrect password" )
|
|
elseif (magic == cassandra.LOGINACC) then
|
|
- stdnse.debug3("Account VALID, but wrong password: "..combo)
|
|
+ stdnse.debug3("Account VALID, but wrong password: ")
|
|
return false, brute.Error:new( "Good user, bad password" )
|
|
else
|
|
- stdnse.debug3("Unrecognized packet for "..combo)
|
|
+ stdnse.debug3("Unrecognized packet for ")
|
|
stdnse.debug3("packet hex: %s", stdnse.tohex(response) )
|
|
stdnse.debug3("size packet hex: %s", stdnse.tohex(size) )
|
|
stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) )
|
|
diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse
|
|
index 768813e..559d752 100644
|
|
--- a/scripts/cics-user-brute.nse
|
|
+++ b/scripts/cics-user-brute.nse
|
|
@@ -176,7 +176,7 @@ Driver = {
|
|
self.tn3270:find('TSS7000I') or
|
|
self.tn3270:find('TSS7110E Password Has Expired. New Password Missing') or
|
|
self.tn3270:find('TSS7001I') then
|
|
- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
|
|
+ -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
|
|
return true, creds.Account:new(user, pass, creds.State.VALID)
|
|
else
|
|
-- ok whoa, something happened, print the screen but don't store as valid
|
|
diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse
|
|
index b239525..085e3a0 100644
|
|
--- a/scripts/ldap-brute.nse
|
|
+++ b/scripts/ldap-brute.nse
|
|
@@ -233,7 +233,7 @@ action = function( host, port )
|
|
-- Login correct, account disabled
|
|
if not status and response:match("AcceptSecurityContext error, data 533,") then
|
|
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) )
|
|
- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
|
|
+ -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
|
|
credTable:add(fq_username,password, creds.State.DISABLED_VALID)
|
|
break
|
|
end
|
|
@@ -241,7 +241,7 @@ action = function( host, port )
|
|
-- Login correct, user must change password
|
|
if not status and response:match("AcceptSecurityContext error, data 773,") then
|
|
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>" ) )
|
|
- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
|
|
+ -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
|
|
credTable:add(fq_username,password, creds.State.CHANGEPW)
|
|
break
|
|
end
|
|
@@ -249,7 +249,7 @@ action = function( host, port )
|
|
-- Login correct, user account expired
|
|
if not status and response:match("AcceptSecurityContext error, data 701,") then
|
|
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>" ) )
|
|
- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
|
|
+ -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
|
|
credTable:add(fq_username,password, creds.State.EXPIRED)
|
|
break
|
|
end
|
|
@@ -257,7 +257,7 @@ action = function( host, port )
|
|
-- Login correct, user account logon time restricted
|
|
if not status and response:match("AcceptSecurityContext error, data 530,") then
|
|
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>" ) )
|
|
- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
|
|
+ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
|
|
credTable:add(fq_username,password, creds.State.TIME_RESTRICTED)
|
|
break
|
|
end
|
|
@@ -265,7 +265,7 @@ action = function( host, port )
|
|
-- Login correct, user account can only log in from certain workstations
|
|
if not status and response:match("AcceptSecurityContext error, data 531,") then
|
|
table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>" ) )
|
|
- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
|
|
+ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
|
|
credTable:add(fq_username,password, creds.State.HOST_RESTRICTED)
|
|
break
|
|
end
|
|
@@ -275,7 +275,7 @@ action = function( host, port )
|
|
status = is_valid_credential( socket, context )
|
|
if status then
|
|
table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>" ) )
|
|
- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
|
|
+ -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
|
|
-- Add credentials for other ldap scripts to use
|
|
if nmap.registry.ldapaccounts == nil then
|
|
nmap.registry.ldapaccounts = {}
|
|
diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse
|
|
index 5cb29f6..1213906 100644
|
|
--- a/scripts/nje-pass-brute.nse
|
|
+++ b/scripts/nje-pass-brute.nse
|
|
@@ -113,7 +113,7 @@ Driver = {
|
|
-- When we send an 'I' record, if the password is invalid it will reply with a 'B' record
|
|
-- B in EBCDIC is 0xC2
|
|
if data:sub(19,19) ~= "\xc2" then
|
|
- stdnse.verbose(2,"Valid NJE Password: %s", password)
|
|
+ -- stdnse.verbose(2,"Valid NJE Password: %s", password)
|
|
return true, creds.Account:new("Password", password, creds.State.VALID)
|
|
end
|
|
return false, brute.Error:new( "Invalid Password" )
|
|
diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
|
|
index 8a94987..1fb4b0e 100644
|
|
--- a/scripts/oracle-brute.nse
|
|
+++ b/scripts/oracle-brute.nse
|
|
@@ -156,7 +156,7 @@ Driver =
|
|
return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
|
|
-- check for any other message
|
|
elseif ( data:match("ORA[-]%d+")) then
|
|
- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
|
|
+ -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
|
|
return false, brute.Error:new(data)
|
|
-- any other errors are likely communication related, attempt to re-try
|
|
else
|
|
diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse
|
|
index ff52c0c..2690a13 100644
|
|
--- a/scripts/tso-brute.nse
|
|
+++ b/scripts/tso-brute.nse
|
|
@@ -99,7 +99,7 @@ Driver = {
|
|
local skip = self.options['skip']
|
|
stdnse.debug(2,"Getting to TSO")
|
|
local run = stringaux.strsplit(";%s*", commands)
|
|
- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
|
|
+ -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
|
|
for i = 1, #run do
|
|
stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,run[i])
|
|
if i == #run and run[i]:upper():find("LOGON APPLID") and skip then
|
|
@@ -159,7 +159,7 @@ Driver = {
|
|
return false, brute.Error:new( "User ID not authorized to use TSO" )
|
|
else
|
|
-- It's a valid account so lets try a password
|
|
- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
|
|
+ -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
|
|
if always_logon then
|
|
local writeable = self.tn3270:writeable()
|
|
-- This turns on the 'reconnect' which may boot users off
|
|
--
|
|
2.33.0
|
|
|