Script backorifice-brute

Script types: portrule
Categories: intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/backorifice-brute.nse

Script Summary

Performs brute force password auditing against the BackOrifice service. The backorifice-brute.ports script argument is mandatory (it specifies ports to run the script against).

Script Arguments

backorifice-brute.ports

(mandatory) List of UDP ports to run the script against separated with "," ex. "U:31337,25252,151-222", "U:1024-1512"

This script uses the brute library to perform password guessing. A successful password guess is stored in the nmap registry, under the nmap.registry.credentials.backorifice table for other BackOrifice scripts to use.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap -sU --script backorifice-brute <host> --script-args backorifice-brute.ports=<ports>

Script Output

PORT       STATE  SERVICE
31337/udp  open   BackOrifice
| backorifice-brute:
|   Accounts:
|     michael => Valid credentials
|   Statistics
|_    Perfomed 60023 guesses in 467 seconds, average tps: 138

Requires

• bits
• brute
• creds
• nmap
• shortport
• stdnse
• string
• table

---

Author:

• Gorjan Petrovski

License: Same as Nmap--See https://nmap.org/book/man-legal.html