Fixes #132

4 years ago · b6316de22a
parent 13d7bf7981
commit b6316de22a
3 changed files with 16 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -52,7 +52,7 @@ Many thanks! [@lanjelot](https://twitter.com/lanjelot)

 ## Usage Examples

-* FTP : Enumerating users denied login in vsftpd/userlist
+* FTP : Enumerating users denied login in `vsftpd/userlist`

 ```
 $ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
@ -68,7 +68,7 @@ $ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf -x ignore:mesg='
 ...
 ```

-Tested against `vsftpd-3.0.2-9` on `CentOS 7.0-1406`
+Tested against `vsftpd-3.0.2-9` on `CentOS 7.0-1406`.

 * SSH : Time-based user enumeration

@ -84,7 +84,7 @@ $ ssh_login host=10.0.0.1 user=FILE0 0=logins.txt password=$(perl -e "print 'A'x
 ...
 ```

-Tested against openssh-server 1:6.0p1-4+deb7u2 on Debian 7.8
+Tested against `openssh-server 1:6.0p1-4+deb7u2` on `Debian 7.8`.

 * HTTP : Brute-force phpMyAdmin logon

@ -108,7 +108,7 @@ $ grep AllowNoPassword /tmp/qsdf/72_200\:13215\:0\:0.351.txt
 ... class="icon ic_s_error" /> Login without a password is forbidden by configuration (see AllowNoPassword)</div><noscript>
 ```

-Tested against phpMyAdmin 4.2.7.1.
+Tested against `phpMyAdmin 4.2.7.1`.

 * IKE : Enumerate transforms supported by VPN peer

@ -223,7 +223,7 @@ Networks -----------------------------------------
 03:18:53 patator    INFO - Hits/Done/Skip/Fail/Size: 11/1000/0/0/1000, Avg: 133 r/s, Time: 0h 0m 7s
 ```

-Also notice that test.hsc.fr. is the start of a new zone because we got NOERROR and no IP address.
+Also notice that `test.hsc.fr.` is the start of a new zone because we got NOERROR and no IP address.

 * DNS : Reverse lookup two netblocks owned by Google

--- a/9
+++ b/9
@ -19,9 +19,10 @@ apt-get install -y libsqlite3-dev libsqlcipher-dev # pysqlcipher
 apt-get install -y libpq-dev # psycopg2

 # xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
-apt-get install ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev
-apt-get install libavutil-dev libavcodec-dev libavresample-dev
-git clone https://github.com/FreeRDP/FreeRDP/ /tmp/FreeRDP && (cd /tmp/FreeRDP && cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && make && sudo make install)
+apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev
+apt-get install -y libavutil-dev libavcodec-dev libavresample-dev
+rm -fr /tmp/FreeRDP
+git clone https://github.com/FreeRDP/FreeRDP/ /tmp/FreeRDP && (cd /tmp/FreeRDP && cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && sudo cmake --build . --target install)

 SCRIPT

@ -29,7 +30,7 @@ $patator = <<SCRIPT
 python3 -m venv patatorenv --without-pip
 source patatorenv/bin/activate
 wget --quiet -O - https://bootstrap.pypa.io/get-pip.py | python3
-pip install patator
+python3 -m pip install patator

 SCRIPT

--- a/patator.py
+++ b/patator.py
@ -4062,24 +4062,18 @@ class RDP_login:

  def execute(self, host, port='3389', user=None, password=None):

-    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert-ignore', '+auth-only', '/sec:nla']
+    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert-ignore', '+auth-only', '/sec:nla', '/log-level:error']

    with Timing() as timing:
      p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
      out, err = map(B, p.communicate())
      code = p.returncode

-    err = err.replace('''Authentication only. Don't connect to X.
-credssp_recv() error: -1
-freerdp_set_last_error 0x20009\n''', '')
-    err = err.replace(''', check credentials.
-If credentials are valid, the NTLMSSP implementation may be to blame.
-Error: protocol security negotiation or connection failure
-Authentication only, exit status 1
-Authentication only, exit status 1''', '')
-    err = err.replace('''Authentication only. Don't connect to X.
-Authentication only, exit status 0
-Authentication only, exit status 0''', 'OK')
+    m = re.search(' (ERR.+?) ', err)
+    if m:
+      err = m.group(1)
+    elif 'Authentication only, exit status 0' in err:
+      err = 'OK'

    mesg = repr((out + err).strip())[1:-1]
    trace = '[out]\n%s\n[err]\n%s' % (out, err)