Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Minecraft "Insecure Mode" Detection Script
From: Ron <ron () skullsecurity net>
Date: Thu, 13 Jan 2011 19:11:30 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 13 Jan 2011 15:22:46 -0800 Fyodor <fyodor () insecure org> wrote:
On Thu, Jan 13, 2011 at 01:13:02PM -0600, Ron wrote:

I personally think that unless it's big, noisy, slow, or pointless,
it should be included.

Somebody doing a vulnerability scan of their network might see no
vulnerabilities, even though this vulnerability exists.

I agree that it should be included if people consider it a
vulnerability.  But it seems to me more of a configuration preference.
It tests whether the game allows you to play with any username you
choose, or if you need to go register a free account at minecraft.net
first.

We can put it back if people want it included with Nmap.  Of course
even if it isn't in Nmap proper, anyone can download and use it from
the seclists link.

I also think the script could be even more useful if it could gather
more useful information than just this one boolean config value.  Then
it would be like some of our other *-info scripts.

Cheers,
Fyodor
Ah, okay, I didn't understand it properly. When I saw "insecure mode", I mentally mapped it into a vuln. 

Ron
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk0vosIACgkQ2t2zxlt4g/TPUwCfbeZ95rr2mb7Sjyf4KxcFZ6vI
ltkAn00ftFMhftacVwJRFm0quIiqZk2+
=2MO3
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]