Nmap Development mailing list archives

Re: Bug in anonFTP.nse
From: "Eddie Bell" <ejlbell () gmail com>
Date: Tue, 3 Jun 2008 22:54:10 +0100

Hello,

NSOCK (0.2980s) Callback: READ SUCCESS for EID 178 [Y.Y.Y.Y:21] (77 bytes): 220 (vsFTPd 2.0.5)..331 Please specify the password...230 Login successful...

What hex separates the password prompt from the status code? I guess
it's a different eol sequence that "^" doesn't catch for some reason.

cheers
  - eddie

2008/6/3 David Fifield <david () bamsoftware com>:
Hi,

Sometimes the anonFTP.nse script fails because it sometimes reads more
than one line at a time and misses a status code. Here I have excerpted
the relevant parts of the --script-trace output.

$ nmap -p ftp --script anonFTP --script-trace target
SCRIPT ENGINE: TCP X.X.X.X:1289 > Y.Y.Y.Y:21 | CONNECT
NSOCK (0.2110s) Write request for 16 bytes to IOD #1 EID 19 [Y.Y.Y.Y:21]: USER anonymous..
NSOCK (0.2120s) Write request for 14 bytes to IOD #1 EID 27 [Y.Y.Y.Y:21]: PASS IEUser ()   
NSOCK (0.2140s) Callback: READ SUCCESS for EID 34 [Y.Y.Y.Y:21] (20 bytes): 220 (vsFTPd 2.0.5)..
NSOCK (0.2140s) Callback: READ SUCCESS for EID 42 [Y.Y.Y.Y:21] (34 bytes): 331 Please specify the password...
NSOCK (0.2160s) Callback: READ SUCCESS for EID 50 [Y.Y.Y.Y:21] (23 bytes): 230 Login successful...
Interesting ports:
PORT   STATE SERVICE
21/tcp open  ftp
|_ Anonymous FTP: FTP: Anonymous login allowed

However if I change the scan a little,

$ nmap -p ftp,https -sC --script-trace
SCRIPT ENGINE: TCP X.X.X.X:2337 > Y.Y.Y.Y:21 | CONNECT
NSOCK (0.2870s) Write request for 16 bytes to IOD #1 EID 83 [Y.Y.Y.Y:21]: USER anonymous..
NSOCK (0.2900s) Write request for 14 bytes to IOD #1 EID 131 [Y.Y.Y.Y:21]: PASS IEUser ()   
NSOCK (0.2980s) Callback: READ SUCCESS for EID 178 [Y.Y.Y.Y:21] (77 bytes): 220 (vsFTPd 2.0.5)..331 Please specify the password...230 Login successful...
Interesting ports:
PORT    STATE SERVICE
21/tcp  open  ftp
443/tcp open  https
|_ SSLv2: server still supports SSLv2
|_ HTML title: Site doesn't have a title.

Notice how all replies came back on one line, so the script didn't get
the /^230/ it was looking for.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
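
The failure mode discussed in this thread, as an added example that is not part of the original messages or of anonFTP.nse. It assumes the script tests each read with a Lua pattern anchored by `^`, which in Lua matches only at the start of the whole string and never after an embedded line break. The sample reads are constructed from the two traces, and `naive_has_230`, `reply_codes` and `has_code` are hypothetical names.

```lua
-- Added example in plain Lua (no nmap libraries); not the script's own code.
-- Constructed sample reads, modelled on the two traces in the thread.
local CRLF = "\r\n"
local separate_reads = {
  "220 (vsFTPd 2.0.5)" .. CRLF,
  "331 Please specify the password." .. CRLF,
  "230 Login successful." .. CRLF,
}
local coalesced_read = { table.concat(separate_reads) }
-- Same bytes, but the second read boundary falls in the middle of a line.
local split_mid_line = {
  "220 (vsFTPd 2.0.5)" .. CRLF .. "331 Please spe",
  "cify the password." .. CRLF .. "230 Login successful." .. CRLF,
}

-- Assumed per-read check: "^" anchors at the start of the buffer only.
local function naive_has_230(reads)
  for _, buf in ipairs(reads) do
    if buf:match("^230") then return true end
  end
  return false
end

-- Line-oriented check: accumulate the stream, cut it at CRLF, and read the
-- status code from each complete line, however the reads were delivered.
local function reply_codes(reads)
  local pending, codes = "", {}
  for _, buf in ipairs(reads) do
    pending = pending .. buf
    local eol = pending:find(CRLF, 1, true)      -- plain-text search
    while eol do
      local line = pending:sub(1, eol - 1)
      pending = pending:sub(eol + #CRLF)         -- keep any partial line
      -- "ddd " ends a reply; "ddd-" (multi-line continuation) is skipped.
      local code = line:match("^(%d%d%d) ") or line:match("^(%d%d%d)$")
      if code then codes[#codes + 1] = code end
      eol = pending:find(CRLF, 1, true)
    end
  end
  return codes
end

local function has_code(reads, wanted)
  for _, code in ipairs(reply_codes(reads)) do
    if code == wanted then return true end
  end
  return false
end

for name, reads in pairs({ separate = separate_reads,
    coalesced = coalesced_read, split = split_mid_line }) do
  print(name, naive_has_230(reads), has_code(reads, "230"))
end
```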

