Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.104145
Category:Nmap NSE net
Title:Nmap NSE net: smb-brute
Summary:Attempts to guess username/password combinations over SMB, storing;discovered combinations for use in other scripts.;;SYNTAX:;;userdb: The filename of an alternate username database.;;brutelimit: Limits the number of usernames checked in the script. In some;domains, it's possible to end up with 10.000+ usernames on each server. By;default, this will be '5000', which should be higher than most servers and also;prevent infinite loops or other weird things. This will only affect the user;list pulled from the server, not the username list.;;randomseed: Set to a value to change the filenames/service names that are;randomly generated.;;unpwdb.timelimit: The maximum amount of time that any iterator will run before;stopping. The value is in seconds by default and you can follow it with 'ms',;'s', 'm', or 'h' for milliseconds, seconds, minutes, or hours. For example,;'unpwdb.timelimit=30m' or 'unpwdb.timelimit=.5h' for 30 minutes. The default;depends on the timing template level (see the module description). Use the value;'0' to disable the time limit.;;unpwdb.userlimit: The maximum number of usernames 'usernames' will return;(default unlimited).;;smblockout: Unless this is set to '1' or 'true', the script won't continue if it;locks out an account or thinks it will lock out an account.;;smbport: Override the default port choice. If 'smbport' is open, it's used. It's assumed;to be the same protocol as port 445, not port 139.;;passdb: The filename of an alternate password database.;;smbbasic: Forces the authentication to use basic security, as opposed to 'extended security'.;Against most modern systems, extended security should work, but there may be cases;where you want to force basic. There's a chance that you'll get better results for;enumerating users if you turn on basic authentication.;;smbsign: Controls whether or not server signatures are checked in SMB packets. By default, on Windows,;server signatures aren't enabled or required. By default, this library will always sign;packets if it knows how, and will check signatures if the server says to. Possible values are:;; - 'force': Always check server signatures, even if server says it doesn't support them (will;probably fail, but is technically more secure).;; - 'negotiate': [default] Use signatures if server supports them.;; - 'ignore': Never check server signatures. Not recommended.;; - 'disable': Don't send signatures, at all, and don't check the server's. not recommended.;More information on signatures can be found in 'smbauth.lua'.;;canaries: Sets the number of tests to do to attempt to lock out the first account.;This will lock out the first account without locking out the rest of the accounts.;The default is 3, which will only trigger strict lockouts, but will also bump the;canary account up far enough to detect a lockout well before other accounts are;hit.;;unpwdb.passlimit: The maximum number of passwords 'passwords' will return;(default unlimited).
Description:Summary:
Attempts to guess username/password combinations over SMB, storing
discovered combinations for use in other scripts.

SYNTAX:

userdb: The filename of an alternate username database.

brutelimit: Limits the number of usernames checked in the script. In some
domains, it's possible to end up with 10.000+ usernames on each server. By
default, this will be '5000', which should be higher than most servers and also
prevent infinite loops or other weird things. This will only affect the user
list pulled from the server, not the username list.

randomseed: Set to a value to change the filenames/service names that are
randomly generated.

unpwdb.timelimit: The maximum amount of time that any iterator will run before
stopping. The value is in seconds by default and you can follow it with 'ms',
's', 'm', or 'h' for milliseconds, seconds, minutes, or hours. For example,
'unpwdb.timelimit=30m' or 'unpwdb.timelimit=.5h' for 30 minutes. The default
depends on the timing template level (see the module description). Use the value
'0' to disable the time limit.

unpwdb.userlimit: The maximum number of usernames 'usernames' will return
(default unlimited).

smblockout: Unless this is set to '1' or 'true', the script won't continue if it
locks out an account or thinks it will lock out an account.

smbport: Override the default port choice. If 'smbport' is open, it's used. It's assumed
to be the same protocol as port 445, not port 139.

passdb: The filename of an alternate password database.

smbbasic: Forces the authentication to use basic security, as opposed to 'extended security'.
Against most modern systems, extended security should work, but there may be cases
where you want to force basic. There's a chance that you'll get better results for
enumerating users if you turn on basic authentication.

smbsign: Controls whether or not server signatures are checked in SMB packets. By default, on Windows,
server signatures aren't enabled or required. By default, this library will always sign
packets if it knows how, and will check signatures if the server says to. Possible values are:

- 'force': Always check server signatures, even if server says it doesn't support them (will
probably fail, but is technically more secure).

- 'negotiate': [default] Use signatures if server supports them.

- 'ignore': Never check server signatures. Not recommended.

- 'disable': Don't send signatures, at all, and don't check the server's. not recommended.
More information on signatures can be found in 'smbauth.lua'.

canaries: Sets the number of tests to do to attempt to lock out the first account.
This will lock out the first account without locking out the rest of the accounts.
The default is 3, which will only trigger strict lockouts, but will also bump the
canary account up far enough to detect a lockout well before other accounts are
hit.

unpwdb.passlimit: The maximum number of passwords 'passwords' will return
(default unlimited).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

CopyrightCopyright (C) 2011 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.