9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Performs brute force password auditing against CVS pserver authentication.
string containing the name of the repository to brute if no repo was given the script checks the registry for any repositories discovered by the cvs-brute-repository script. If the registry contains any discovered repositories, the script attempts to brute force the credentials for the first one.
See the documentation for the unpwdb library.
See the documentation for the creds library.
See the documentation for the brute library.
nmap -p 2401 --script cvs-brute <host>
2401/tcp open cvspserver syn-ack
| cvs-brute:
| Accounts
| hotchner:francisco - Account is valid
| reid:secret - Account is valid
| Statistics
|_ Performed 544 guesses in 14 seconds, average tps: 38
local brute = require "brute"
local creds = require "creds"
local cvs = require "cvs"
local shortport = require "shortport"
local stdnse = require "stdnse"
description = [[
Performs brute force password auditing against CVS pserver authentication.
]]
---
-- @usage
-- nmap -p 2401 --script cvs-brute <host>
--
-- @output
-- 2401/tcp open cvspserver syn-ack
-- | cvs-brute:
-- | Accounts
-- | hotchner:francisco - Account is valid
-- | reid:secret - Account is valid
-- | Statistics
-- |_ Performed 544 guesses in 14 seconds, average tps: 38
--
-- @args cvs-brute.repo string containing the name of the repository to brute
-- if no repo was given the script checks the registry for any
-- repositories discovered by the cvs-brute-repository script. If the
-- registry contains any discovered repositories, the script attempts to
-- brute force the credentials for the first one.
-- Version 0.1
-- Created 07/13/2010 - v0.1 - created by Patrik Karlsson <[email protected]>
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"}
dependencies = {"cvs-brute-repository"}
portrule = shortport.port_or_service(2401, "cvspserver")
Driver =
{
new = function(self, host, port, repo)
local o = { repo = repo, helper = cvs.Helper:new(host, port) }
setmetatable(o, self)
self.__index = self
return o
end,
connect = function( self )
self.helper:connect(brute.new_socket())
return true
end,
login = function( self, username, password )
local status, err = self.helper:login( self.repo, username, password )
if ( status ) then
return true, creds.Account:new(username, password, creds.State.VALID)
end
-- This error seems to indicate that the user does not exist
if ( err:match("E PAM start error%: Critical error %- immediate abort\0$") ) then
stdnse.debug2("The user %s does not exist", username)
local err = brute.Error:new("Account invalid")
err:setInvalidAccount(username)
return false, err
end
return false, brute.Error:new( "Incorrect password" )
end,
disconnect = function( self )
self.helper:close()
end,
}
local function getDiscoveredRepos(host)
if ( not(host.registry.cvs_repos)) then
return
end
return host.registry.cvs_repos
end
action = function(host, port)
local repo = stdnse.get_script_args("cvs-brute.repo") and
{ stdnse.get_script_args("cvs-brute.repo") } or
getDiscoveredRepos(host)
if ( not(repo) ) then stdnse.verbose1("ERROR: No CVS repository specified (see cvs-brute.repo)") end
local status, result
-- If repositories were discovered and not overridden by argument
-- only attempt to brute force the first one.
local engine = brute.Engine:new(Driver, host, port, repo[1])
engine.options.script_name = SCRIPT_NAME
status, result = engine:start()
return result
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%