Mailing List Archive

accounts.nes
Hi,

Wouldn't:
    ret = read_all(sockets, limit);

    for(i=0;i<limit;i++)
    {
    #if 0
      if(!(ret[i] && strstr(ret[i], "word:")))
      {
        if(ret[i])
          if(((!strstr(ret[i], "denied"))&&
              (!strstr(ret[i], "incorrect"))&&
              (!strstr(ret[i], "ogin:")))||strstr(ret[i], "last login"))
          {
            accounts[i]->working = 1;
          }
        shutdown(sockets[i], 2);
        close(sockets[i]);
        sockets[i]=-1;
      }

Detect just if the lowercase string shows up? If "Last login" is written, it
won't detect anything?

Thanks
Noam Rathaus
http://www.SecurITeam.com
http://www.BeyondSecurity.com
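
The case-sensitivity question raised in the message above, as an added example (not part of the original post and not the plugin's own code): it runs the quoted decision once with case-sensitive `strstr` and once with a case-insensitive search. The helper names and the sample replies are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Portable case-insensitive strstr (strcasestr is a non-standard extension). */
static const char *ci_strstr(const char *hay, const char *needle)
{
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && tolower((unsigned char)hay[i]) ==
                        tolower((unsigned char)needle[i]))
            i++;
        if (i == n)
            return hay;
    }
    return n == 0 ? hay : NULL;
}

/* Same decision as the quoted test; `find` selects the matching function. */
typedef const char *(*find_fn)(const char *, const char *);

static const char *cs_strstr(const char *h, const char *n) { return strstr(h, n); }

static int login_ok(const char *r, find_fn find)
{
    if (!r || find(r, "word:"))          /* NULL reply or password prompt */
        return 0;
    return (!find(r, "denied") && !find(r, "incorrect") && !find(r, "ogin:"))
           || find(r, "last login") != NULL;
}

int login_ok_quoted(const char *r) { return login_ok(r, cs_strstr); }
int login_ok_ci(const char *r)     { return login_ok(r, ci_strstr); }

/* Constructed sample replies, not captured from a real host. */
const char *REPLY_BANNER = "Last login: Mon Jan  1 10:00:00 from 192.168.1.1\r\n$ ";
const char *REPLY_FAILED = "Login incorrect\r\nlogin: ";

int main(void)
{
    printf("banner: quoted=%d ci=%d\n",
           login_ok_quoted(REPLY_BANNER), login_ok_ci(REPLY_BANNER));
    printf("failed: quoted=%d ci=%d\n",
           login_ok_quoted(REPLY_FAILED), login_ok_ci(REPLY_FAILED));
    return 0;
}
```

With the case-sensitive search, a reply starting with "Last login:" is rejected because it contains "ogin:" and the "last login" exception never matches; the case-insensitive variant accepts it while still rejecting the failed-login reply.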
Accounts.nes
Hi,

cat /tmp/nessus-iCKQOo | grep "accounts"
results|192.168.1.6|192.168.1.1|general/tcp|10328|Security Note|The plugin
accounts.nes was too slow to finish - the server killed it\n\nCVE :
CAN-1999-0502\n

As you can see, even if it finds out some accounts, even on a local network it
would be too slow to finish. Maybe it should be like the DCE: report when you
find one, instead of chunch in a whole report?

Thanks
Noam Rathaus
http://www.SecurITeam.com
http://www.BeyondSecurity.com