PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" local string = require "string" local unpwdb = require "unpwdb" description = [[ Performs brute force password auditing against the Netbus backdoor ("remote administration") service. ]] --- -- @usage -- nmap -p 12345 --script netbus-brute -- -- @output -- 12345/tcp open netbus -- |_netbus-brute: password123 author = "Toni Ruottu" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"brute", "intrusive"} dependencies = {"netbus-version"} portrule = shortport.port_or_service (12345, "netbus", {"tcp"}) action = function( host, port ) local try = nmap.new_try() local passwords = try(unpwdb.passwords()) local socket = nmap.new_socket() local status, err = socket:connect(host.ip, port.number) if not status then return end local buffer, err = stdnse.make_buffer(socket, "\r") local _ = buffer() --skip the banner for password in passwords do local foo = string.format("Password;0;%s\r", password) socket:send(foo) local login = buffer() if login == "Access;1" then -- Store the password for other netbus scripts local key = string.format("%s:%d", host.ip, port.number) if not nmap.registry.netbuspasswords then nmap.registry.netbuspasswords = {} end nmap.registry.netbuspasswords[key] = password if password == "" then return "" end return string.format("%s", password) end end socket:close() end