omp2-brute NSE Script

ID: NMAP:OMP2-BRUTE.NSE
Type: nmap
Author: Henri Doreau
Published: 2011-04-20 23:44:16
Source: nmap.org

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
Percentile: 99.8%

Performs brute force password auditing against the OpenVAS manager using OMPv2.

Script Arguments

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

omp2.password, omp2.username

See the documentation for the omp2 library.

Example Usage

nmap -p 9390 --script omp2-brute <target>

Script Output

PORT     STATE SERVICE REASON
9390/tcp open  openvas syn-ack
| omp2-brute:
|   Accounts
|_    admin:secret => Valid credentials

Requires


local brute = require "brute"
local creds = require "creds"
local omp2 = require "omp2"
local shortport = require "shortport"

description = [[
Performs brute force password auditing against the OpenVAS manager using OMPv2.
]]

---
-- @usage
-- nmap -p 9390 --script omp2-brute <target>
--
-- @output
-- PORT     STATE SERVICE REASON
-- 9390/tcp open  openvas syn-ack
-- | omp2-brute:
-- |   Accounts
-- |_    admin:secret => Valid credentials
--

author = "Henri Doreau"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"brute", "intrusive"}


portrule = shortport.port_or_service(9390, "openvas")


Driver = {
  new = function(self, host, port)
    local o = {}
    setmetatable(o, self)
    self.__index = self
    o.host = host
    o.port = port
    o.session = omp2.Session:new(brute.new_socket())
    return o
  end,

  --- Connects to the OpenVAS Manager
  --
  -- @return status boolean for connection success/failure
  -- @return err string describing the error on failure
  connect = function(self)
    return self.session:connect(self.host, self.port)
  end,

  --- Closes connection
  --
  -- @return status boolean for closing success/failure
  disconnect = function(self)
    return self.session:close()
  end,

  --- Attempts to log in to the OpenVAS Manager using a given username/password
  -- pair. Stores the credentials in the registry on success.
  --
  -- @param username string containing the login username
  -- @param password string containing the login password
  -- @return status boolean for login success/failure
  -- @return err string describing the error on failure
  login = function(self, username, password)
    if self.session:authenticate(username, password) then
      -- store the account for possible future use
      omp2.add_account(self.host, username, password)
      return true, creds.Account:new(username, password, creds.State.VALID)
    else
      return false, brute.Error:new("login failed")
    end
  end,

}

action = function(host, port)
  local engine = brute.Engine:new(Driver, host, port)
  engine.options.script_name = SCRIPT_NAME
  local status, result = engine:start()
  return result
end
