Monday 16 April 2012

[EN] SMF CMS 1.1.4 - User enumeration

... or 'user-grabber'.

How to do it is not a secret, because SMF provides a way
to check the names of 'registered' users.

Anyway, if You are testing, for example, passwords in an SMF installation,
You can do these steps for Your users (I mean: You are an admin of the SMF You're checking... ;))

(The example presented here won't actually give You "usernames";
You will get only the IDs of registered (available) users. I thought giving a tool to
'remote get all users' won't be a good idea ;))

a) the code presented below should help You automate 'user grabbing':

http://pastebin.com/VDfVg2hc
b) output:

[Screenshot: SMF 1.1.4 CMS - user grabber]

Now, what can it be used for?

If You're checking for 'possible' (weak) passwords for 'all enumerated users',
You can try a little brute force on the passwords (based on the usernames) like this:
if a user (name) was grabbed in the scan, then try to log in as him with a password like user1, user123,
resu, password... and all 'guessable' passwords.
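
The defensive counterpart of the guesses listed above, as an added example that is not part of the original post: a check an SMF admin could apply when a password is set, rejecting passwords derived from the account name. It generalizes the post's patterns (user1, user123, resu, password) to any letter case and to leading or trailing digits and punctuation; the function names and the short common-password list are assumptions constructed for illustration.

```python
import re

# Constructed short list of common passwords; the post itself names only "password".
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

# Leading/trailing digits and punctuation that users typically bolt onto a base word.
_DECORATION = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def _core(text):
    """Lower-case the text and strip leading/trailing digits and punctuation."""
    return _DECORATION.sub("", text.casefold())


def guessable_reason(username, password):
    """Return why `password` is guessable from `username`, or None if it is not."""
    name = _core(username)
    core = _core(password)
    if password.casefold() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        return "common password"
    if not name:
        return None  # nothing left of the username to compare against
    if core == name:
        return "username with optional digits/punctuation"
    if core == name[::-1]:
        return "reversed username"
    # Short names are skipped here to avoid rejecting unrelated passwords.
    if len(name) >= 4 and (name in core or name[::-1] in core):
        return "contains username"
    return None


def audit(candidates):
    """Map each (username, password) pair to a reason; keep only the rejected ones."""
    findings = {}
    for username, password in candidates:
        reason = guessable_reason(username, password)
        if reason:
            findings[username] = reason
    return findings
```

Because stored passwords are hashed, a check like this belongs in the registration and password-change path, where the plaintext is available.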

If You're doing a pentest with 'password checking' scenarios, maybe this
will help You a little (by automating some of the work) ;)

Let me know in the comments or by mail if You need help with implementing this for 2.0.2.

You can also find more information about other 'enumeration bugs' from March/April
here.

Enjoy!

o/
