Script dicom-brute
Script types:
portrule
Categories:
auth, brute
Download: https://svn.nmap.org/nmap/scripts/dicom-brute.nse
Script Summary
Attempts to brute force the Application Entity Title of a DICOM server (DICOM Service Provider).
Application Entity Titles (AETs) are used to restrict responses to clients that know the title. Hence, the called AET is used as a form of password.
Script Arguments
- brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass
See the documentation for the brute library.
- creds.[service], creds.global
See the documentation for the creds library.
- passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb
See the documentation for the unpwdb library.
- dicom.called_aet, dicom.calling_aet
See the documentation for the dicom library.
Example Usage
nmap -p4242 --script dicom-brute <target>
nmap -sV --script dicom-brute <target>
nmap --script dicom-brute --script-args passdb=aets.txt <target>
Script Output
PORT     STATE SERVICE        REASON
4242/tcp open  vrml-multi-use syn-ack
| dicom-brute:
|   Accounts:
|     Called Application Entity Title:ORTHANC - Valid credentials
|_  Statistics: Performed 5 guesses in 1 seconds, average tps: 5.0
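On the server side, the AET guessing described in the Script Summary appears as one source receiving rejections for many different called AETs. The Python below is an added example, not part of Nmap or of this script: it reads the called AET from A-ASSOCIATE-RQ PDUs and the source/reason from A-ASSOCIATE-RJ PDUs (layout per DICOM PS3.8) and flags such sources. The sample PDUs, IP addresses, threshold, and the assumption that the server rejects unknown titles with source 1 / reason 7 are constructed for illustration.

```python
import struct
from collections import defaultdict

# A-ASSOCIATE-RJ source 1 (service-user), reason 7 =
# "called AE title not recognized" (DICOM PS3.8). Assumed server behaviour.
RJ_CALLED_AET_UNKNOWN = (1, 7)

def parse_rq_aets(pdu):
    """Return (called, calling) AE titles from an A-ASSOCIATE-RQ, else None."""
    if len(pdu) < 42 or pdu[0] != 0x01:
        return None
    called = pdu[10:26].decode("ascii", "replace").strip()
    calling = pdu[26:42].decode("ascii", "replace").strip()
    return called, calling

def parse_rj(pdu):
    """Return (source, reason) from an A-ASSOCIATE-RJ, else None."""
    if len(pdu) < 10 or pdu[0] != 0x03:
        return None
    return pdu[8], pdu[9]

def flag_aet_guessing(events, threshold=3):
    """events: iterable of (src_ip, request_pdu, response_pdu).
    Flag sources whose distinct rejected called AETs reach the threshold."""
    rejected = defaultdict(set)
    for src, rq, rsp in events:
        aets = parse_rq_aets(rq)
        if aets and parse_rj(rsp) == RJ_CALLED_AET_UNKNOWN:
            rejected[src].add(aets[0])
    return {s: sorted(a) for s, a in rejected.items() if len(a) >= threshold}

# --- constructed sample traffic (header-only PDUs, not captured data) ---
def sample_rq(called, calling="SCANNER"):
    body = struct.pack(">HH16s16s32s", 1, 0, called.ljust(16).encode(),
                       calling.ljust(16).encode(), b"\x00" * 32)
    return struct.pack(">BBI", 0x01, 0, len(body)) + body

def sample_rj(source, reason):
    return struct.pack(">BBIBBBB", 0x03, 0, 4, 0, 1, source, reason)

AC = struct.pack(">BBI", 0x02, 0, 0)  # stand-in for an accepted association
SAMPLE = [("10.0.0.5", sample_rq(a), sample_rj(1, 7))
          for a in ("PACS", "STORESCP", "DCM4CHEE")]
SAMPLE += [("10.0.0.5", sample_rq("ORTHANC"), AC),
           ("10.0.0.9", sample_rq("ARCHIVE", "CT01"), sample_rj(1, 7)),
           ("10.0.0.9", sample_rq("ORTHANC", "CT01"), AC)]

if __name__ == "__main__":
    print(flag_aet_guessing(SAMPLE))
```

A single mistyped title from a modality (10.0.0.9 in the sample) stays below the threshold; a server that aborts instead of sending a reject PDU would need a different signal.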
Requires
Author:
License: Same as Nmap--See https://nmap.org/book/man-legal.html