Hello,
I have noticed a consequent part of the duration of an authenticated
Full & Fast scan was due to default_ssh_credentials.nasl. The script
iterates through a list of 180 username/password couples and
sequentially attempts to use them to connect to the target.
In order to speed up the process, I've tried to load the
username/password list into the KB and call get_kb_item() to retrieve each
item in a separate process (see the patch attached, not optimized). As
a result I would have expected to get four (my configuration)
concurrent processes connecting to the target. htop reveals that only
two are executed in parallel. I can't explain this behavior: at the
beginning of the scan I can clearly see four concurrent processes
(spawned by different NVTs). After a while
default_ssh_credentials.nasl is the only one still running, but with
two processes only.
Any idea what could be wrong or what I could be missing?
Regards.
--
Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Index: scripts/default_ssh_credentials.nasl
===================================================================
--- scripts/default_ssh_credentials.nasl (revision 12562)
+++ scripts/default_ssh_credentials.nasl (working copy)
@@ -60,36 +60,29 @@
if(!get_port_state(port))exit(0);
foreach credential (credentials) {
+ set_kb_item(name:"credentials/default", value:credential);
+}
- user_pass = split(credential, sep:";",keep:FALSE);
+credential = get_kb_item("credentials/default");
+user_pass = split(credential, sep:";",keep:FALSE);
- if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;
+if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;
- if(!soc = open_sock_tcp(port))exit(0);
+if(!soc = open_sock_tcp(port))exit(0);
- user = chomp(user_pass[0]);
- pass = chomp(user_pass[1]);
+user = chomp(user_pass[0]);
+pass = chomp(user_pass[1]);
- if(tolower(pass) == "none")pass = "";
+if(tolower(pass) == "none")pass = "";
- login = ssh_login (socket:soc, login:user, password:pass, pub:NULL, priv:NULL, passphrase:NULL);
+login = ssh_login (socket:soc, login:user, password:pass, pub:NULL, priv:NULL, passphrase:NULL);
- if(login == 0) {
- default_credential_found = TRUE;
- report += string(user,':',pass,"\n");
- }
+if(login == 0) {
+ report = string(desc, "\n\nIt was possible to login with the following credentials\n\n");
+ report += string("User: ", user, "\n");
+ report += string("Password: ", pass, "\n");
- close(soc);
- usleep(50000);
+ security_hole(port:port, data:report);
}
-if(default_credential_found) {
-
- report = string("It was possible to login with the following credentials\n\nUser:Password\n\n",report);
- report = string(desc,"\n",report);
-
- security_hole(port:port,data:report);
- exit(0);
-
-}
-
+close(soc);
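Review bot: the `continue` in `+if(isnull(user_pass[0]) || isnull(user_pass[1]))continue;` is no longer inside a loop, because the `foreach` now closes right after `set_kb_item()`. With one credential handled per forked process, a malformed entry should end that process with `exit(0)`, as the `open_sock_tcp()` failure path already does. The hunk also removes `usleep(50000)` without a replacement, so nothing paces the login attempts once they run concurrently; if that is intentional it deserves a comment. Finally, each successful login now calls `security_hole()` on its own with the full `desc` prepended, so a target with several default accounts gets several near-identical reports instead of the single aggregated one the old `default_credential_found` block produced; it is worth stating which behaviour is wanted.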