
iscsi-brute NSE Script

2010-12-10 23:20:59
Patrik Karlsson
nmap.org

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
Percentile: 99.8%

Performs brute force password auditing against iSCSI targets.

Script Arguments

iscsi-brute.target

iSCSI target to brute-force.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap -sV --script=iscsi-brute <target>

Script Output

PORT     STATE SERVICE
3260/tcp open  iscsi   syn-ack
| iscsi-brute:
|   Accounts
|     user:password123456 => Valid credentials
|   Statistics
|_    Perfomed 5000 guesses in 7 seconds, average tps: 714
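
For audit reporting, the output format shown above can be parsed to list the targets that accepted a login with no credentials or with a guessed CHAP pair. This is an added example, not part of the Nmap script or of the original page; the function names are hypothetical and the port 3261 lines in the sample are constructed.

```python
import re

# Constructed input: the page's output block, plus one constructed port
# (3261) showing how NSE prints a single-line script result.
SAMPLE = """\
PORT     STATE SERVICE
3260/tcp open  iscsi   syn-ack
| iscsi-brute:
|   Accounts
|     user:password123456 => Valid credentials
|   Statistics
|_    Perfomed 5000 guesses in 7 seconds, average tps: 714
3261/tcp open  iscsi   syn-ack
|_iscsi-brute: No authentication required
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s")
HEAD_RE = re.compile(r"^\|[ _]([\w-]+):\s*(.*)$")
CRED_RE = re.compile(r"^\|_?\s+([^:\s]+):(.*) => Valid credentials\s*$")
STAT_RE = re.compile(r"(\d+) guesses in (\d+) seconds")


def parse_iscsi_brute(text):
    """Return one finding per port that carries iscsi-brute output."""
    findings, port, cur = [], None, None
    for line in text.splitlines():
        if (m := PORT_RE.match(line)):
            port, cur = int(m.group(1)), None
        elif not line.startswith("|"):
            cur = None
        elif (m := HEAD_RE.match(line)):
            cur = None  # a new script block starts; keep it only if it is ours
            if m.group(1) == "iscsi-brute":
                cur = {"port": port, "no_auth": m.group(2) == "No authentication required",
                       "accounts": [], "guesses": None, "seconds": None}
                findings.append(cur)
        elif cur is not None:
            if (m := CRED_RE.match(line)):
                # Keep the username but only the password length for the report.
                cur["accounts"].append({"user": m.group(1), "password_len": len(m.group(2))})
            elif (m := STAT_RE.search(line)):
                cur["guesses"], cur["seconds"] = int(m.group(1)), int(m.group(2))
    return findings


def needs_attention(finding):
    """A target is a finding if it needs no login or a guessed pair worked."""
    return finding["no_auth"] or bool(finding["accounts"])
```

Calling `parse_iscsi_brute(SAMPLE)` yields two findings, and `needs_attention` is true for both: port 3260 has a guessable CHAP secret and port 3261 requires no authentication at all.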

Requires


local brute = require "brute"
local creds = require "creds"
local iscsi = require "iscsi"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Performs brute force password auditing against iSCSI targets.
]]

---
-- @args iscsi-brute.target iSCSI target to brute-force.
-- @output
-- PORT     STATE SERVICE
-- 3260/tcp open  iscsi   syn-ack
-- | iscsi-brute:
-- |   Accounts
-- |     user:password123456 => Valid credentials
-- |   Statistics
-- |_    Perfomed 5000 guesses in 7 seconds, average tps: 714

-- Version 0.1
-- Created 2010/11/18 - v0.1 - created by Patrik Karlsson <[email protected]>
-- Revised 2010/11/27 - v0.2 - detect if no password is needed <[email protected]>


author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"}

portrule = shortport.portnumber(3260, "tcp", {"open", "open|filtered"})

Driver = {

  new = function(self, host, port)
    local o = {}
    setmetatable(o, self)
    self.__index = self
    o.host = host
    o.port = port
    o.target = stdnse.get_script_args('iscsi-brute.target')
    return o
  end,

  connect = function( self )
    self.helper = iscsi.Helper:new( self.host, self.port )
    return self.helper:connect(brute.new_socket())
  end,

  login = function( self, username, password )
    local status = self.helper:login( self.target, username, password, "CHAP")

    if ( status ) then
      return true, creds.Account:new(username, password, creds.State.VALID)
    end

    return false, brute.Error:new( "Incorrect password" )
  end,

  disconnect = function( self )
    self.helper:close()
  end,
}


action = function( host, port )

  local target = stdnse.get_script_args('iscsi-brute.target')
  if ( not(target) ) then
    return stdnse.format_output(false, "No target specified (see iscsi-brute.target)")
  end

  local helper = iscsi.Helper:new( host, port )
  local status, err = helper:connect()
  if ( not(status) ) then return false, "Failed to connect" end

  local response
  status, response = helper:login( target )
  helper:logout()
  helper:close()

  if ( status ) then return "No authentication required" end

  local accounts

  local engine = brute.Engine:new(Driver, host, port)
  engine.options.script_name = SCRIPT_NAME
  status, accounts = engine:start()

  if ( status ) then return accounts end
end
