Nmap ldap-novell-getpass NSE Script


This page contains detailed information about how to use the ldap-novell-getpass NSE script. For a list of all NSE scripts, visit the Nmap NSE Library.


Script Overview


Script source code: https://github.com/nmap/nmap/tree/master/scripts/ldap-novell-getpass.nse
Script categories: discovery, safe
Target service / protocol: ldap, ldapssl
Target network port(s): 389, 636
List of CVEs: -

Script Description


The ldap-novell-getpass.nse script attempts to retrieve the Novell Universal Password for a user. You must already have (and include in script arguments) the username and password for an eDirectory server administrative account.

Ldap-novell-getpass NSE Script Arguments


This is a full list of arguments supported by the ldap-novell-getpass.nse script:

ldap-novell-getpass.account

The name of the account to retrieve the password for

ldap-novell-getpass.password

The LDAP password to use when connecting to the server

ldap-novell-getpass.username

The LDAP username to use when connecting to the server

To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. Values that contain commas or equals signs, such as distinguished names, must be enclosed in quotes. For example:

nmap --script=ldap-novell-getpass --script-args ldap-novell-getpass.username=value,ldap-novell-getpass.password=value,ldap-novell-getpass.account=value <target>

Ldap-novell-getpass NSE Script Example Usage


Here's an example of how to use the ldap-novell-getpass.nse script:

nmap -p 636 --script ldap-novell-getpass --script-args \
'ldap-novell-getpass.username="CN=admin,O=cqure",ldap-novell-getpass.password=pass1234,ldap-novell-getpass.account="CN=paka,OU=hr,O=cqure"' <target>

Ldap-novell-getpass NSE Script Example Output


Here's a sample output from the ldap-novell-getpass.nse script:

PORT    STATE SERVICE REASON
636/tcp open  ldapssl syn-ack
| ldap-novell-getpass:
|   Account: CN=patrik,OU=security,O=cqure
|_  Password: foobar

Ldap-novell-getpass NSE Script Example XML Output


There is no sample XML output for this module. However, if you provide the -oX <file> option, Nmap will produce XML output and save it to the specified file.

Author


  • Patrik Karlsson


Error Messages


The ldap-novell-getpass.nse script may fail with the following error messages. The excerpts from the script source code shown below each message indicate where the error is raised, which often helps in identifying the root cause of the problem.

No username was supplied (ldap-novell-getpass.username)


Here is a relevant code snippet related to the "No username was supplied (ldap-novell-getpass.username)" error message:

  local username = stdnse.get_script_args("ldap-novell-getpass.username")
  local password = stdnse.get_script_args("ldap-novell-getpass.password") or ""
  local account = stdnse.get_script_args("ldap-novell-getpass.account")

  if ( not(username) ) then
    return fail("No username was supplied (ldap-novell-getpass.username)")
  end
  if ( not(account) ) then
    return fail("No account was supplied (ldap-novell-getpass.account)")
  else
    -- do some basic account validation

No account was supplied (ldap-novell-getpass.account)


Here is a relevant code snippet related to the "No account was supplied (ldap-novell-getpass.account)" error message:

  if ( not(username) ) then
    return fail("No username was supplied (ldap-novell-getpass.username)")
  end
  if ( not(account) ) then
    return fail("No account was supplied (ldap-novell-getpass.account)")
  else
    -- do some basic account validation
    if ( not(account:match("^[Cc][Nn]=.*,") ) ) then
      return fail("The account argument should be specified as: \"CN=name,OU=orgunit,O=org\"")
    end

The account argument should be specified as: "CN=name,OU=orgunit,O=org"


Here is a relevant code snippet related to the "The account argument should be specified as: "CN=name,OU=orgunit,O=org"" error message:

  if ( not(account) ) then
    return fail("No account was supplied (ldap-novell-getpass.account)")
  else
    -- do some basic account validation
    if ( not(account:match("^[Cc][Nn]=.*,") ) ) then
      return fail("The account argument should be specified as: \"CN=name,OU=orgunit,O=org\"")
    end
  end

  -- In order to discover what protocol to use (SSL/TCP) we need to send a
  -- few bytes to the server. An anonymous bind should do it

Failed to connect to LDAP server


Here is a relevant code snippet related to the "Failed to connect to LDAP server" error message:

  -- In order to discover what protocol to use (SSL/TCP) we need to send a
  -- few bytes to the server. An anonymous bind should do it
  local anon_bind = stdnse.fromhex( "300c020101600702010304008000" )
  local socket, _, opt = comm.tryssl( host, port, anon_bind, nil )
  if ( not(socket) ) then
    return fail("Failed to connect to LDAP server")
  end

  local status, errmsg = ldap.bindRequest( socket, {
    version = 3,
    username = username,
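
The probe bytes in the excerpt above, decoded field by field, which helps when recognising the script's protocol-detection probe in a packet capture or LDAP server log. This is an added example, not code from the Nmap project: the helper names read_tlv and decode_bind_request are assumptions, and only the BER forms that appear in this message are handled.

```python
# Added example: decode the 14-byte probe the script passes to comm.tryssl().
# Only BER features present in that message are handled (definite lengths).

PROBE_HEX = "300c020101600702010304008000"  # value from the script excerpt above


def read_tlv(buf, pos=0):
    """Return (tag, value_bytes, next_pos) for the BER element at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("BER value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_bind_request(data):
    """Decode an LDAPMessage carrying a BindRequest with simple authentication."""
    tag, msg, end = read_tlv(data)
    if tag != 0x30 or end != len(data):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(msg)
    if tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    tag, bind, _ = read_tlv(msg, pos)
    if tag != 0x60:  # [APPLICATION 0], constructed = BindRequest
        raise ValueError("protocolOp is not a BindRequest")
    tag, version, pos = read_tlv(bind)
    tag_name, name, pos = read_tlv(bind, pos)
    tag_auth, cred, _ = read_tlv(bind, pos)
    if tag != 0x02 or tag_name != 0x04 or tag_auth != 0x80:  # 0x80 = [0] simple
        raise ValueError("unexpected BindRequest layout")
    return {
        "message_id": int.from_bytes(msg_id, "big"),
        "version": int.from_bytes(version, "big"),
        "name": name.decode("utf-8"),
        "password": cred.decode("utf-8", "replace"),
        "anonymous": name == b"" and cred == b"",
    }


if __name__ == "__main__":
    print(decode_bind_request(bytes.fromhex(PROBE_HEX)))
```

The probe decodes to message ID 1, LDAP version 3, with an empty name and an empty simple password, which is an anonymous bind.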

Failed to send request


Here is a relevant code snippet related to the "Failed to send request" error message:

  -- encode the whole extended request as a sequence
  data = ldap.encode( { _ldaptype = '30', stdnse.fromhex( "020102") .. data } )

  status = socket:send(data)
  if ( not(status) ) then return fail("Failed to send request") end

  status, data = socket:receive()
  if ( not(status) ) then return data end
  socket:close()

An unknown error occurred


Here is a relevant code snippet related to the "An unknown error occurred" error message:

  -- make sure the result code was a success
  local rescode = ( #response >= 2 ) and response[2]
  local respname = ( #response >= 5 ) and response[5]

  if ( rescode ~= 0 ) then
    local errmsg = ( #response >= 4 ) and response[4] or "An unknown error occurred"
    return fail(errmsg)
  end

  -- make sure we get a NMAS Get Password Response back from the server
  if ( respname ~= NMASLDAP_GET_PASSWORD_RESPONSE ) then return end

No password was found


Here is a relevant code snippet related to the "No password was found" error message:

  local universal_pw = ( #response >= 6 and #response[6] >= 3 ) and response[6][3]

  if ( universal_pw ) then
    local output = {}
    table.insert(output, ("Account: %s"):format(account))
    table.insert(output, ("Password: %s"):format(universal_pw))
    return stdnse.format_output(true, output)
  else
    return fail("No password was found")
  end
end

Version


This page has been created based on Nmap version 7.92.
