Script nje-pass-brute

Script types: portrule
Categories: intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/nje-pass-brute.nse

Script Summary

z/OS JES Network Job Entry (NJE) 'I record' password brute forcer.

After successfully negotiating an OPEN connection request, NJE requires the sender to transmit what IBM calls an 'I record'. This initialization record may require a password. Given a valid OHOST/RHOST pair for the NJE connection, this script brute forces that password.

Most systems have only one password, so using the brute.firstonly script argument is recommended.

Script Arguments

nje-pass-brute.sleep

NJE only allows one connection from a valid OHOST. The sleep value ensures only one connection is valid at a time. The default is 1 second.

nje-pass-brute.rhost

The target NJE server RHOST value.

nje-pass-brute.ohost

The target NJE server OHOST value.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap -sV --script=nje-pass-brute --script-args=ohost='POTATO',rhost='CACTUS' <target>
nmap --script=nje-pass-brute --script-args=ohost='POTATO',rhost='CACTUS',sleep=5 -p 175 <target>

Script Output

PORT    STATE SERVICE VERSION
175/tcp open  nje     IBM Network Job Entry (JES)
| nje-pass-brute:
|   NJE Password:
|     Password:A - Valid credentials
|_  Statistics: Performed 8 guesses in 12 seconds, average tps: 0
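
A defender-side sketch, added here and not part of the Nmap script or its documentation: because NJE allows only one connection at a time from a valid OHOST, password guessing appears as a run of short, back-to-back connections to tcp/175 from a single source. The flow-record format, the window and threshold values, and the idea that a legitimate node holds one long-lived session are assumptions; the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

NJE_PORT = 175                  # port shown in the sample output above
WINDOW = timedelta(seconds=60)  # assumed detection window
MIN_CONNS = 5                   # assumed alert threshold

# Constructed flow records: start time, source IP, dest port, duration (s).
SAMPLE_FLOWS = """\
2024-01-01T09:00:00 10.0.0.9 175 7200
2024-01-01T10:00:00 10.0.0.5 175 0.5
2024-01-01T10:00:02 10.0.0.5 175 0.5
2024-01-01T10:00:03 10.0.0.5 175 0.5
2024-01-01T10:00:05 10.0.0.5 175 0.5
2024-01-01T10:00:06 10.0.0.5 175 0.5
2024-01-01T10:00:08 10.0.0.5 175 0.5
2024-01-01T10:00:10 10.0.0.5 175 0.5
2024-01-01T10:00:12 10.0.0.5 175 0.5
2024-01-01T10:00:01 10.0.0.7 22 0.5
2024-01-01T10:00:02 10.0.0.7 22 0.5
"""

def parse_flows(text):
    """Yield (start, end, src, dport) from the constructed flow format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dport, dur = line.split()
            start = datetime.fromisoformat(ts)
            yield start, start + timedelta(seconds=float(dur)), src, int(dport)

def serialized_nje_bursts(flows, window=WINDOW, min_conns=MIN_CONNS):
    """Map each source to its longest run of back-to-back (non-overlapping)
    tcp/175 connections inside `window`, keeping runs of min_conns or more."""
    by_src = defaultdict(list)
    for start, end, src, dport in flows:
        if dport == NJE_PORT:
            by_src[src].append((start, end))
    flagged = {}
    for src, conns in by_src.items():
        conns.sort()
        run, best = [], 0
        for start, end in conns:
            if run and start < run[-1][1]:     # overlaps previous: not serialized
                run = []
            run.append((start, end))
            while start - run[0][0] > window:  # slide the window forward
                run.pop(0)
            best = max(best, len(run))
        if best >= min_conns:
            flagged[src] = best
    return flagged
```

Raising nje-pass-brute.sleep or brute.delay stretches the run over a longer period, so the window should be sized against the slowest rate worth alerting on.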

Requires


Author:

  • Soldier of Fortran

License: Same as Nmap--See https://nmap.org/book/man-legal.html