<plugin-writing-newb> Hi all, longtime uesr, first time [attempted] writer. I'll try to keep it short. I'm looking for a way to enumerate password policy on Windows hosts: * lockout policy * min password age * max password age * min password length * password complexity (if possible; I don't think this one can be gotten remotely w/o credentials) * last login * last password change All of this can be acquired with nbtenum, enum, superscan, among others. I want a way to pull that info into a Nessus report though. After this, I want to try a quick password-guessing plugin that will try the username, password, and a configurable guess or two. I'd further want this to limit the guesses to one less than the lockout setting (if available). This could possibly be used to trigger a Hydra run as well, should lockout be set to zero. What I need: a starting point. I know there was a posting or two over a year ago about the same topic, but it didn't appear that anything came of it. Can anyone give me a clue as to what plugins to start looking at? I know these two will be rather complicated starter plugins, but I'm up for giving it a shot. </newb> Unrelated question: when Nessus runs NMap or Hydra, what version is used? Is the version installed on the system used, or is it included in Nessus somewhere? Thanks for your help! _______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Tue Jan 11 2005 - 08:32:49 PST