
Nmap Development mailing list archives

NSE / nsock library questions
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Thu, 22 May 2008 15:59:02 -0500

I'll pose the questions first, and then provide a little background in
case it helps.

1.  Does NSE or nsock allow you to create and open a socket for
(inbound) listening, rather than for (outbound) connections?

2.  Does NSE allow you to specify the originating port or port range
that you would like to use for sockets?  More specifically, can I tell
it that the outbound connection needs to originate from a "privileged"
port (<1023)?

Here's the background: I'm looking into creating an NSE script to
extract information from hosts running the rshd (remote shell) service.
If I understand the protocol correctly, the client system opens a
connection to the rshd service (must be from a privileged port) and
sends a null terminated ASCII string.  This string is interpreted by the
server as a port number on the client system, which the server will
attempt a connection to (this is why I need to create a listening port).
This port must also be a privileged port.  The client then sends the
user and command information over the first established connection,
while the server sends responses back over the second established

I can't see any way to accomplish this using the current set of
NSE/nsock functionality, and I'm afraid I'm not too keen to dig into raw
sockets / pcap unless I absolutely have to.

Are there any other situations where it might be of value to be able to
create listening sockets?  Given the recent discussion about Nessus, and
the expressed interest in building Nmap's profile in the vulnerability
scanning field, I wonder if this functionality might be helpful to
others as well.



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
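The rsh client/server exchange the post describes, worked through as an added example; this is not code from the thread, from Nmap or from NSE, and it simulates rshd rather than talking to a real one. It builds and parses the client's opening request (ASCII port number plus NUL-terminated user, user and command fields), opens the client-side listener first so the server has somewhere to connect back, and runs both sides on 127.0.0.1 with ephemeral ports so it works without root. A real rshd additionally requires that the client's connecting port and its callback port both be privileged (below 1024), which this loopback simulation does not enforce; `_fake_rshd` and the byte strings it returns are constructed for the example.

```python
"""rsh (BSD rcmd) handshake on loopback, both client and server sides.

Added example, not code from the nmap-dev thread or from Nmap/NSE. It uses
ephemeral unprivileged ports on 127.0.0.1 so it runs without root; a real
rshd additionally requires that both the client's connecting port and its
callback (stderr) port be privileged, i.e. below 1024.
"""
import socket
import threading

HOST = "127.0.0.1"


def build_rcmd_request(stderr_port, local_user, remote_user, command):
    """Client's opening message: the ASCII callback port, then the client-side
    user, the server-side user and the command, each NUL-terminated.
    A callback port of 0 tells the server not to open the second connection."""
    fields = [str(stderr_port), local_user, remote_user, command]
    if any("\0" in f for f in fields[1:]):
        raise ValueError("NUL terminates fields and cannot appear inside one")
    return "".join(f + "\0" for f in fields).encode("ascii")


def parse_rcmd_request(data):
    """Server side: split the request back into (stderr_port, luser, ruser, cmd)."""
    parts = data.split(b"\0")
    if len(parts) != 5 or parts[4] != b"":
        raise ValueError("malformed rcmd request")
    port = int(parts[0].decode("ascii"))
    if not 0 <= port <= 65535:
        raise ValueError("callback port out of range")
    luser, ruser, cmd = (p.decode("ascii") for p in parts[1:4])
    return port, luser, ruser, cmd


def _recv_until_eof(sock):
    chunks = []
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            return b"".join(chunks)
        chunks.append(chunk)


def _fake_rshd(listener, seen):
    """Constructed stand-in for rshd: read the request on the primary
    connection, connect back to the client's callback port, then answer."""
    conn, (peer_ip, _) = listener.accept()
    with conn:
        buf = b""
        while buf.count(b"\0") < 4:        # request ends with its 4th NUL
            chunk = conn.recv(256)
            if not chunk:
                return
            buf += chunk
        stderr_port, luser, ruser, cmd = parse_rcmd_request(buf)
        seen["request"] = (stderr_port, luser, ruser, cmd)
        with socket.create_connection((peer_ip, stderr_port)) as err:
            conn.sendall(b"\0")                          # NUL = command accepted
            conn.sendall(f"output of {cmd}\n".encode())  # output on primary
            err.sendall(b"diagnostic on secondary\n")    # diagnostics on callback


def rsh_exchange(local_user="nmap", remote_user="root", command="id"):
    """Run one complete exchange on loopback and return what the client saw."""
    srv = socket.socket()
    srv.bind((HOST, 0))
    srv.listen(1)
    seen = {}
    threading.Thread(target=_fake_rshd, args=(srv, seen), daemon=True).start()

    # Client: listen for the server's callback *before* sending the request.
    err_listener = socket.socket()
    err_listener.bind((HOST, 0))
    err_listener.listen(1)
    stderr_port = err_listener.getsockname()[1]

    primary = socket.create_connection(srv.getsockname())
    primary.sendall(build_rcmd_request(stderr_port, local_user, remote_user, command))
    err_conn, _ = err_listener.accept()       # the server connecting back to us
    status = primary.recv(1)                  # b"\0" on success, non-zero byte + message on error
    result = {
        "stderr_port": stderr_port,
        "accepted": status == b"\0",
        "stdout": _recv_until_eof(primary),
        "stderr": _recv_until_eof(err_conn),
        "request": seen.get("request"),
    }
    for s in (primary, err_conn, err_listener, srv):
        s.close()
    return result


if __name__ == "__main__":
    print(rsh_exchange())
```

The ordering matters: the client binds and listens on its callback port before it sends the request, because the server connects back as soon as it has parsed the port number. To run this against a real rshd you would bind both client sockets to ports below 1024, which needs root, and which is exactly the capability the post asks whether NSE/nsock exposes.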

