Nmap Development
mailing list archives
Re: LUA Script Ideas
From: "Eddie Bell" <ejlbell () gmail com>
Date: Tue, 1 Aug 2006 15:18:52 +0200
On 01/08/06, Fyodor <fyodor () insecure org> wrote:
Thanks, this is a good script idea! I think we should probably use a
more subtle anon password than "@nmap-scan". It may be best to use
whatever browsers like FireFox or IE use. I think that is wwwuser@,
but I'm not certain.
Also, did you test this against very many FTP servers? The script contains:
socket:connect(host.ip, port.number, port.protocol)
socket:send("anonymous");
socket:send("@nmap-scan");
I would expect that you would need at least a newline (probably "\r\n")
after the username and password, and that some FTP servers would
require you to wait for a username response before asking for the
password. I think here you are just sending a username of
"anonymous@nmap-scan", and the server may be waiting for more data
(continuation of the username string). The 220 you get back (or
don't) may just be the FTP server banner.
Or maybe I'm wrong. But would you test this a little more against
servers allowing anon ftp (such as ftp.kernel.org, ftp.microsoft.com,
ftp.sun.com) and some that don't (ftp.playboy.com)?
I agree that a solid anonymous FTP testing script is worth having.
Erm yes, my only excuse is that it was rather early. Here is a working
version tested with a 10000 node scan. It uses IE's default password,
IEUser@. Firefox uses mozilla@example.com, so feel free to change it if
you wish.
Interesting ports on zeus-pub2.kernel.org (204.152.191.37):
PORT STATE SERVICE
21/tcp open ftp
|_ FTP: Anonymous login allowed
Interesting ports on scanme.nmap.org (205.217.153.62):
PORT STATE SERVICE
21/tcp filtered ftp
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
21/tcp open ftp
- ejlb
Attachment:
anonFTP.lua.gz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
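
The login dialogue discussed in this thread (read the banner first, send USER terminated by "\r\n", wait for the reply, then send PASS), as an added Python example that is not part of the original message and is not the attached anonFTP.lua. The function names are this example's own, and `fake_server` and `demo` are constructed stand-ins so the check runs offline; `demo(True)` exercises an accepting server and `demo(False)` a refusing one.

```python
import socket
import threading

ANON_USER, ANON_PASS = "anonymous", "IEUser@"  # password named in the message

def read_reply(f):
    """Read one whole FTP reply and return its 3-digit code as an int.
    A multi-line reply opens with 'NNN-' and ends at a line starting 'NNN '."""
    line = f.readline().decode("latin-1")
    if len(line) < 4 or not line[:3].isdigit():
        raise ConnectionError("no valid FTP reply: %r" % line)
    code = line[:3]
    if line[3:4] == "-":
        while line[:4] != code + " ":
            line = f.readline().decode("latin-1")
            if not line:
                raise ConnectionError("reply ended early")
    return int(code)

def anon_login_allowed(sock):
    """Run the USER/PASS dialogue step by step on an already connected socket."""
    f = sock.makefile("rb")
    def command(text):
        sock.sendall(text.encode("latin-1") + b"\r\n")  # commands end in CRLF
        return read_reply(f)
    if read_reply(f) != 220:         # consume the banner before sending anything
        return False
    code = command("USER " + ANON_USER)
    if code == 331:                  # 331: user name accepted, password wanted
        code = command("PASS " + ANON_PASS)
    return code == 230               # 230: logged in

def fake_server(conn, allow):
    """Constructed stand-in for an FTP server, so the example runs offline."""
    f = conn.makefile("rb")
    conn.sendall(b"220-constructed banner\r\n220 ready\r\n")
    user = f.readline()              # blocks until a full CRLF-terminated line
    conn.sendall(b"331 send password\r\n")
    f.readline()
    ok = allow and user == b"USER anonymous\r\n"
    conn.sendall(b"230 logged in\r\n" if ok else b"530 login incorrect\r\n")

def demo(allow):
    client, server = socket.socketpair()
    client.settimeout(5)
    threading.Thread(target=fake_server, args=(server, allow)).start()
    with client:
        return anon_login_allowed(client)
```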