File citrix-brute-xml
Download: http://nmap.org/svn/scripts/citrix-brute-xml.nse
User Summary
Attempts to guess valid credentials for the Citrix PN Web Agent XML Service. The XML service authenticates against the local Windows server or the Active Directory.
CAUTION: This script makes no attempt of preventing account lockout. If the password list contains more passwords than the lockout-threshold accounts WILL be locked.
Script Arguments
passdb, userdb
See the documentation for the unpwdb library.http-max-cache-size, http.useragent, pipeline
See the documentation for the http library.Example Usage
nmap --script=citrix-brute-xml --script-args=userdb=<userdb>,passdb=<passdb>,ntdomain=<domain> -p 80,443,8080 <host>
Script Output
PORT STATE SERVICE REASON 8080/tcp open http-proxy syn-ack | citrix-brute-xml: | Joe:password => Must change password at next logon | Luke:summer => Login was successful |_ Jane:secret => Account is disabled
Requires
author Patrik Karlsson
copyright © Same as Nmap--See http://nmap.org/book/man-legal.html
Functions
| create_result_from_table (accounts) | Formats the result from the table of valid accounts |
| verify_password (host, port, username, password, domain) | Verifies if the credentials (username, password and domain) are valid |
Functions
- create_result_from_table (accounts)
-
Formats the result from the table of valid accounts
Parameters
- accounts: table containing accounts (tables)
Return value:
string containing the result - verify_password (host, port, username, password, domain)
-
Verifies if the credentials (username, password and domain) are valid
Parameters
- host: string, the ip against which to perform
- port: number, the port number of the XML service
- username: string, the username to authenticate as
- password: string, the password to authenticate with
- domain: string, the Windows domain to authenticate against
Return value:
success, message