Projects
openEuler:24.03:SP1:Everything
nmap
_service:tar_scm:remove-password-printing.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:remove-password-printing.patch of Package nmap
From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001 From: gaoxingwang <gaoxingwang1@huawei.com> Date: Tue, 31 Jan 2023 16:47:32 +0800 Subject: [PATCH] remove password printing --- scripts/broadcast-ospf2-discover.nse | 2 +- scripts/cassandra-brute.nse | 14 +++++++------- scripts/cics-user-brute.nse | 2 +- scripts/ldap-brute.nse | 12 ++++++------ scripts/nje-pass-brute.nse | 2 +- scripts/oracle-brute.nse | 2 +- scripts/tso-brute.nse | 4 ++-- 7 files changed, 19 insertions(+), 19 deletions(-) diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse index ad3fca0..b33c366 100644 --- a/scripts/broadcast-ospf2-discover.nse +++ b/scripts/broadcast-ospf2-discover.nse @@ -124,7 +124,7 @@ local ospfDumpHello = function(hello) stdnse.print_debug(2, "| Checksum: %s", hello.header.chksum) stdnse.print_debug(2, "| Auth Type: %s", hello.header.auth_type) if hello.header.auth_type == 0x01 then - stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password) + -- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password) elseif hello.header.auth_type == 0x02 then stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid) stdnse.print_debug(2, "| Auth Data Length: %s", hello.header.auth_data.length) diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse index 8363c65..c2dd124 100644 --- a/scripts/cassandra-brute.nse +++ b/scripts/cassandra-brute.nse @@ -54,21 +54,21 @@ Driver = { local status, err = self.socket:send(string.pack(">I4", #loginstr)) local combo = username..":"..password if ( not(status) ) then - local err = brute.Error:new( "couldn't send length:"..combo ) + local err = brute.Error:new( "couldn't send length:" ) err:setAbort( true ) return false, err end status, err = self.socket:send(loginstr) if ( not(status) ) then - local err = brute.Error:new( "couldn't send login packet: "..combo ) + local err = brute.Error:new( "couldn't send login packet: " ) err:setAbort( true ) return false, err end local status, response = self.socket:receive_bytes(22) if ( not(status) ) then - local err = brute.Error:new( "couldn't receive login reply size: "..combo ) + local err = brute.Error:new( "couldn't receive login reply size: " ) err:setAbort( true ) return false, err end @@ -78,16 +78,16 @@ Driver = { magic = string.sub(response,18,22) if (magic == cassandra.LOGINSUCC) then - stdnse.debug3("Account SUCCESS: "..combo) + stdnse.debug3("Account SUCCESS: ") return true, creds.Account:new(username, password, creds.State.VALID) elseif (magic == cassandra.LOGINFAIL) then - stdnse.debug3("Account FAIL: "..combo) + stdnse.debug3("Account FAIL: ") return false, brute.Error:new( "Incorrect password" ) elseif (magic == cassandra.LOGINACC) then - stdnse.debug3("Account VALID, but wrong password: "..combo) + stdnse.debug3("Account VALID, but wrong password: ") return false, brute.Error:new( "Good user, bad password" ) else - stdnse.debug3("Unrecognized packet for "..combo) + stdnse.debug3("Unrecognized packet for ") stdnse.debug3("packet hex: %s", stdnse.tohex(response) ) stdnse.debug3("size packet hex: %s", stdnse.tohex(size) ) stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) ) diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse index 768813e..559d752 100644 --- a/scripts/cics-user-brute.nse +++ b/scripts/cics-user-brute.nse @@ -176,7 +176,7 @@ Driver = { self.tn3270:find('TSS7000I') or self.tn3270:find('TSS7110E Password Has Expired. New Password Missing') or self.tn3270:find('TSS7001I') then - stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass) + -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass) return true, creds.Account:new(user, pass, creds.State.VALID) else -- ok whoa, something happened, print the screen but don't store as valid diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse index b239525..085e3a0 100644 --- a/scripts/ldap-brute.nse +++ b/scripts/ldap-brute.nse @@ -233,7 +233,7 @@ action = function( host, port ) -- Login correct, account disabled if not status and response:match("AcceptSecurityContext error, data 533,") then table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) ) - stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) + -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) credTable:add(fq_username,password, creds.State.DISABLED_VALID) break end @@ -241,7 +241,7 @@ action = function( host, port ) -- Login correct, user must change password if not status and response:match("AcceptSecurityContext error, data 773,") then table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>" ) ) - stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>") + -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>") credTable:add(fq_username,password, creds.State.CHANGEPW) break end @@ -249,7 +249,7 @@ action = function( host, port ) -- Login correct, user account expired if not status and response:match("AcceptSecurityContext error, data 701,") then table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>" ) ) - stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>") + -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>") credTable:add(fq_username,password, creds.State.EXPIRED) break end @@ -257,7 +257,7 @@ action = function( host, port ) -- Login correct, user account logon time restricted if not status and response:match("AcceptSecurityContext error, data 530,") then table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>" ) ) - stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>") + -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>") credTable:add(fq_username,password, creds.State.TIME_RESTRICTED) break end @@ -265,7 +265,7 @@ action = function( host, port ) -- Login correct, user account can only log in from certain workstations if not status and response:match("AcceptSecurityContext error, data 531,") then table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>" ) ) - stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>") + -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>") credTable:add(fq_username,password, creds.State.HOST_RESTRICTED) break end @@ -275,7 +275,7 @@ action = function( host, port ) status = is_valid_credential( socket, context ) if status then table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>" ) ) - stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>") + -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>") -- Add credentials for other ldap scripts to use if nmap.registry.ldapaccounts == nil then nmap.registry.ldapaccounts = {} diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse index 5cb29f6..1213906 100644 --- a/scripts/nje-pass-brute.nse +++ b/scripts/nje-pass-brute.nse @@ -113,7 +113,7 @@ Driver = { -- When we send an 'I' record, if the password is invalid it will reply with a 'B' record -- B in EBCDIC is 0xC2 if data:sub(19,19) ~= "\xc2" then - stdnse.verbose(2,"Valid NJE Password: %s", password) + -- stdnse.verbose(2,"Valid NJE Password: %s", password) return true, creds.Account:new("Password", password, creds.State.VALID) end return false, brute.Error:new( "Invalid Password" ) diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse index 8a94987..1fb4b0e 100644 --- a/scripts/oracle-brute.nse +++ b/scripts/oracle-brute.nse @@ -156,7 +156,7 @@ Driver = return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID) -- check for any other message elseif ( data:match("ORA[-]%d+")) then - stdnse.debug3("username: %s, password: %s, error: %s", username, password, data ) + -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data ) return false, brute.Error:new(data) -- any other errors are likely communication related, attempt to re-try else diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse index ff52c0c..2690a13 100644 --- a/scripts/tso-brute.nse +++ b/scripts/tso-brute.nse @@ -99,7 +99,7 @@ Driver = { local skip = self.options['skip'] stdnse.debug(2,"Getting to TSO") local run = stringaux.strsplit(";%s*", commands) - stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass) + -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass) for i = 1, #run do stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,run[i]) if i == #run and run[i]:upper():find("LOGON APPLID") and skip then @@ -159,7 +159,7 @@ Driver = { return false, brute.Error:new( "User ID not authorized to use TSO" ) else -- It's a valid account so lets try a password - stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass) + -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass) if always_logon then local writeable = self.tn3270:writeable() -- This turns on the 'reconnect' which may boot users off -- 2.33.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2