Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nmapPatrik KarlssonNMAP:IAX2-BRUTE.NSE
HistoryJan 24, 2012 - 8:55 p.m.

iax2-brute NSE Script

2012-01-2420:55:29
Patrik Karlsson
nmap.org
84

EPSS

0.973

Percentile

99.9%

JSON

Performs brute force password auditing against the Asterisk IAX2 protocol. Guessing fails when a large number of attempts is made due to the maxcallnumber limit (default 2048). In case your getting “ERROR: Too many retries, aborted …” after a while, this is most likely what’s happening. In order to avoid this problem try: - reducing the size of your dictionary - use the brute delay option to introduce a delay between guesses - split the guessing up in chunks and wait for a while between them

Script Arguments

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap -sU -p 4569 <ip> --script iax2-brute

Script Output

PORT     STATE         SERVICE
4569/udp open|filtered unknown
| iax2-brute:
|   Accounts
|     1002:password12 - Valid credentials
|   Statistics
|_    Performed 1850 guesses in 2 seconds, average tps: 925

Requires

local brute = require "brute"
local creds = require "creds"
local iax2 = require "iax2"
local shortport = require "shortport"

description = [[
Performs brute force password auditing against the Asterisk IAX2 protocol.
Guessing fails when a large number of attempts is made due to the maxcallnumber limit (default 2048).
In case your getting "ERROR: Too many retries, aborted ..." after a while, this is most likely what's happening.
In order to avoid this problem try:
  - reducing the size of your dictionary
  - use the brute delay option to introduce a delay between guesses
  - split the guessing up in chunks and wait for a while between them
]]

---
-- @usage
-- nmap -sU -p 4569 <ip> --script iax2-brute
--
-- @output
-- PORT     STATE         SERVICE
-- 4569/udp open|filtered unknown
-- | iax2-brute:
-- |   Accounts
-- |     1002:password12 - Valid credentials
-- |   Statistics
-- |_    Performed 1850 guesses in 2 seconds, average tps: 925
--
--

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"}


portrule = shortport.port_or_service(4569, "iax2", {"udp", "tcp"})

Driver = {

  new = function(self, host, port)
    local o = { host = host, port = port }
    setmetatable(o, self)
    self.__index = self
    return o
  end,

  connect = function(self)
    self.helper = iax2.Helper:new(self.host, self.port)
    return self.helper:connect()
  end,

  login = function(self, username, password)
    local status, resp = self.helper:regRelease(username, password)
    if ( status ) then
      return true, creds.Account:new( username, password, creds.State.VALID )
    elseif ( resp == "Release failed" ) then
      return false, brute.Error:new( "Incorrect password" )
    else
      local err = brute.Error:new(resp)
      err:setRetry(true)
      return false, err
    end
  end,

  disconnect = function(self) return self.helper:close() end,
}




action = function(host, port)
  local engine = brute.Engine:new(Driver, host, port)
  engine.options.script_name = SCRIPT_NAME
  local status, result = engine:start()
  return result
end

Related

nmap 200
nmap
nmap
nbstat NSE Script
2008-06-12 14:32:25
knx-gateway-discover NSE Script
2015-09-15 15:10:37
ms-sql-config NSE Script
2010-04-04 10:11:54

EPSS

0.973

Percentile

99.9%

JSON
Related for NMAP:IAX2-BRUTE.NSE
nmap200