logo
DATABASE RESOURCES PRICING ABOUT US

dicom-brute NSE Script

Description

Attempts to brute force the Application Entity Title of a DICOM server (DICOM Service Provider). Application Entity Titles (AET) are used to restrict responses only to clients knowing the title. Hence, the called AET is used as a form of password. ## Script Arguments #### brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass See the documentation for the [brute](<../lib/brute.html#script-args>) library. #### creds.[service], creds.global See the documentation for the [creds](<../lib/creds.html#script-args>) library. #### passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the [unpwdb](<../lib/unpwdb.html#script-args>) library. #### dicom.called_aet, dicom.calling_aet See the documentation for the [dicom](<../lib/dicom.html#script-args>) library. ## Example Usage * nmap -p4242 --script dicom-brute <target> * nmap -sV --script dicom-brute <target> * nmap --script dicom-brute --script-args passdb=aets.txt <target> ## Script Output PORT STATE SERVICE REASON 4242/tcp open vrml-multi-use syn-ack | dicom-brute: | Accounts: | Called Application Entity Title:ORTHANC - Valid credentials |_ Statistics: Performed 5 guesses in 1 seconds, average tps: 5.0 ## Requires * [shortport](<../lib/shortport.html>) * [dicom](<../lib/dicom.html>) * [stdnse](<../lib/stdnse.html>) * [nmap](<../lib/nmap.html>) * [brute](<../lib/brute.html>) * [creds](<../lib/creds.html>) * * *


Related