Last active
August 29, 2015 14:13
Patch to solve nmap/nmap#35 (http://seclists.org/nmap-dev/2014/q3/64)
diff --git a/scripts/telnet-brute.nse b/scripts/telnet-brute.nse | |
index 9b0e019..94445de 100644 | |
--- a/scripts/telnet-brute.nse | |
+++ b/scripts/telnet-brute.nse | |
@@ -78,16 +78,24 @@ local patt_login = U.atwordboundary(re.compile [[([uU][sS][eE][rR][nN][aA][mM][e | |
local patt_password = U.atwordboundary(re.compile [[[pP][aA][sS][sS] ([wW][oO][rR][dD] / [cC][oO][dD][eE]) %s* ':' %s* !.]]) | |
-local patt_login_success = re.compile([[ | |
- prompt <- [/>%$#] / -- general prompt | |
- [lL][aA][sS][tT] %s+ [lL][oO][gG][iI][nN] %s* ':' / -- linux telnetd | |
- [A-Z] ':\\' / -- Windows telnet | |
- [mM][aA][iI][nN] (%s / %ESC '[' %d+ ';' %d+ 'H') [mM][eE][nN][uU] ! %a / -- Netgear RM356 | |
- [eE][nN][tT][eE][rR] %s+ [tT][eE][rR][mM][iI][nN][aA][lL] %s+ [eE][mM][uU][lL][aA][tT][iI][oO][nN] %s* ':' -- Hummingbird telnetd | |
-]], {ESC = "\x1B"}) | |
+-- Doubtful these all need to be case-insensitive, but that's how the old PCREs | |
+-- were written | |
+local patt_login_success = ( | |
+ U.anywhere( re.compile([[ [/>%$#] %s* !.]]) ) -- general prompt | |
+ + re.compile([[ [lL][aA][sS][tT] %s+ [lL][oO][gG][iI][nN] %s* ':' ]]) -- linux telnetd | |
+ + re.compile([[ [A-Z] ':\\' ]]) -- Windows telnet | |
+ + U.anywhere( | |
+ re.compile( | |
+ [[ [mM][aA][iI][nN] (%s / %ESC '[' %d+ ';' %d+ 'H') [mM][eE][nN][uU] ! %a ]], | |
+ {ESC = "\x1B"}) | |
+ ) -- Netgear RM356 | |
+ + re.compile( | |
+ [[ [eE][nN][tT][eE][rR] %s+ [tT][eE][rR][mM][iI][nN][aA][lL] %s+ [eE][mM][uU][lL][aA][tT][iI][oO][nN]':' %s* !.]] | |
+ ) -- Hummingbird telnetd | |
+ ) | |
-- basic tests | |
-assert(patt_login_success:match "$"); | |
+assert(patt_login_success:match "sh$ "); | |
assert(patt_login_success:match "/"); | |
assert(patt_login_success:match "last login:"); | |
assert(patt_login_success:match "C:\\\\"); | |
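Review bot: The basic tests after the rewritten `patt_login_success` still assert only positive matches, so nothing pins the end-of-input anchoring (`%s* !.`) that this change adds to the general-prompt alternative. A negative case such as `assert(not patt_login_success:match "# not a prompt");` (constructed sample) would fail if the anchor were dropped again and false login successes came back. Separately, only the general-prompt and Netgear alternatives are wrapped in `U.anywhere`; the linux, Windows and Hummingbird alternatives match only at the start of the subject, and whether that is intended depends on how the caller applies the pattern, which is outside this hunk. The Hummingbird alternative also moved `%s*` from before the `':'` to after it, so a banner with whitespace before the colon no longer matches; this may be unintentional and is worth confirming.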
@@ -96,7 +104,7 @@ assert(patt_login_success:match "MaIn Menu"); | |
assert(patt_login_success:match "MaIn\x1B[12;31HMenu"); | |
assert(patt_login_success:match "enter terminaL\temulation:"); | |
-local patt_login_failure = U.atwordboundary(U.caseless "incorrect" + U.caseless "failed" + U.caseless "denied" + U.caseless "invalid" + U.caseless "bad") | |
+local patt_login_failure = U.atwordboundary(U.caseless "incorrect" + U.caseless "failed" + U.caseless "denied" + U.caseless "invalid" + U.caseless "bad") * re.compile("!%a") | |
--- | |
-- Decide whether a given string (presumably received from a telnet server) |
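Review bot: The `* re.compile("!%a")` appended to `patt_login_failure` has no comment and no test, although the success pattern above it has both. A one-line comment such as `-- !%a: the keyword must not be followed by a letter, so longer words that merely start with it are not read as a failure message` would record the intent. The lookahead also rejects inflected forms such as "incorrectly" or "invalidated", so a genuine failure banner worded that way would no longer be recognised; confirm that trade-off is acceptable for the callers of this pattern, which are outside the hunk.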