nmapPatrik KarlssonNMAP:INFORMIX-BRUTE.NSE
HistoryAug 19, 2010 - 10:47 p.m.

informix-brute NSE Script

2010-08-1922:47:52
Patrik Karlsson
nmap.org
84

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Performs brute force password auditing against IBM Informix Dynamic Server.

Script Arguments

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

informix.instance

See the documentation for the informix library.

Example Usage

nmap --script informix-brute -p 9088 <host>

Script Output

PORT     STATE SERVICE
9088/tcp open  unknown
| informix-brute:
|   Accounts
|     ifxnoob:ifxnoob => Valid credentials
|   Statistics
|_    Perfomed 25024 guesses in 75 seconds, average tps: 320

Summary
-------
  x The Driver class contains the driver implementation used by the brute
    library

Requires


local brute = require "brute"
local creds = require "creds"
local informix = require "informix"
local nmap = require "nmap"
local shortport = require "shortport"
local table = require "table"

-- Summary shown by nmap's script help and the generated script documentation.
description = [[
Performs brute force password auditing against IBM Informix Dynamic Server.
]]

---
-- @usage
-- nmap --script informix-brute -p 9088 <host>
--
-- @output
-- PORT     STATE SERVICE
-- 9088/tcp open  unknown
-- | informix-brute:
-- |   Accounts
-- |     ifxnoob:ifxnoob => Valid credentials
-- |   Statistics
-- |_    Perfomed 25024 guesses in 75 seconds, average tps: 320
--
-- Summary
-- -------
--   x The Driver class contains the driver implementation used by the brute
--     library
--
-- Every guess is a real login attempt against the server, and each pair that
-- is accepted is also written to nmap.registry['informix-brute'] in cleartext
-- (see Driver.login).
--

--
-- Version 0.1
-- Created 07/23/2010 - v0.1 - created by Patrik Karlsson <[email protected]>
--

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
-- Neither category is "default", so the script runs only when it is selected
-- explicitly (by name or by one of these categories).
categories = {"intrusive", "brute"}


-- Run against open TCP ports 1526, 9088, 9090 or 9092, or against any port
-- whose detected service name is "informix".
portrule = shortport.port_or_service( { 1526, 9088, 9090, 9092 }, "informix", "tcp", "open")

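--- Driver implementation handed to brute.Engine by the action function.
--
-- The table provides the constructor plus the connect / login / disconnect
-- callbacks defined below.
Driver =
{

  --- Creates a driver instance bound to one target.
  --
  -- @param host host table passed in by the engine
  -- @param port port table passed in by the engine
  -- @return new driver object whose metatable indexes back into Driver
  new = function(self, host, port)
    local o = {}
    setmetatable(o, self)
    self.__index = self
    o.host = host
    o.port = port
    return o
  end,

  --- Connects and performs protocol negotiation
  --
  -- The helper is created with the placeholder server name "on_nmap_dummy";
  -- login() relies on that when it interprets the server's error text.
  --
  -- @return true on success, false on failure
  -- @return the value returned by Helper:Connect on failure
  connect = function( self )
    local status, data
    self.helper = informix.Helper:new( self.host, self.port, "on_nmap_dummy" )

    status, data = self.helper:Connect(brute.new_socket())
    if ( not(status) ) then
      return status, data
    end

    return true
  end,

  --- Attempts to login to the Informix server
  --
  -- @param username string containing the login username
  -- @param password string containing the login password
  -- @return status, true on success, false on failure
  -- @return brute.Error object on failure
  --         creds.Account object on success
  login = function( self, username, password )
    local status, data = self.helper:Login( username, password, {} )

    if ( status ) then
      -- nmap.registry is shared by every script in the scan, so the cleartext
      -- password stored here is readable by any script that runs afterwards.
      if ( not(nmap.registry['informix-brute']) ) then
        nmap.registry['informix-brute'] = {}
      end
      table.insert( nmap.registry['informix-brute'], { ["username"] = username, ["password"] = password } )
      return true, creds.Account:new(username, password, creds.State.VALID)
    end

    -- The string tested here is a server-name mismatch, not an account-locked
    -- message. Because connect() uses a placeholder server name, this error
    -- presumably means the credentials were accepted before the name check
    -- failed, so the pair is reported as valid.
    -- The type check keeps a failed login that carries no error string from
    -- raising here; the search is a plain (non-pattern) substring match.
    -- NOTE(review): unlike the branch above, this one does not record the
    -- credentials in nmap.registry - confirm whether that is intended.
    if ( type(data) == "string" and
         data:find("INFORMIXSERVER does not match either DBSERVERNAME or DBSERVERALIASES", 1, true) ) then
      return true, creds.Account:new(username, password, creds.State.VALID)
    end

    return false, brute.Error:new( data )

  end,

  --- Disconnects and terminates the Informix communication
  disconnect = function( self )
    self.helper:Close()
  end,

}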


--- Script entry point: runs the brute engine with Driver against the target.
--
-- @param host host table supplied by nmap
-- @param port port table supplied by nmap
-- @return the second value returned by engine:start()
action = function(host, port)
  local runner = brute.Engine:new(Driver, host, port )
  runner.options.script_name = SCRIPT_NAME

  -- The status flag is not used; only the result is handed back to nmap.
  local _, outcome = runner:start()
  return outcome
end
