Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: backorifice-brute
From: Ron <ron () skullsecurity net>
Date: Thu, 16 Jun 2011 16:26:24 -0500

Why did you decide not to run it by default against 31337? I realize that it can be slow, and that 31337 will almost 
always be open-filtered, but all brute scripts are nasty like that. 


On Wed, 11 May 2011 23:53:31 +0200 Gorjan Petrovski <mogi57 () gmail com> wrote:
Hi folks,

I've finally finished the backorifice-brute script, and decided on the
criteria on which the script should run.

The BackOrifice service is a very old service which now we presume
would be used only in a galaxy far far away. Because of the time
needed for the bruteforcing we've included a mandatory script
argument. This argument (backorifice-brute.ports) specifies the ports
on which the script should run and if omitted, the script never runs.
We've also included a debug message if the default port on which the
service is found, 31337/udp, is open|filtered but not selected with
the ports argument, thus notifying the user of a chance for version
detection using the backorifice-brute script.

The host.times.timeout worked out perfectly with the service, I guess
I made a mistake in testing it out before. Sorry for the confusion,

I've also skimmed through the BackOrifice2000 client source code. The
protocol is different, the encryption is different compared to the
BackOrifice client. BO2K looks like a piece of art compared to BO :-)

Feel free to comment, as always.

I'm waiting for approval on committing this script. (But I have plenty
to work on, and it's a pretty non-popular service, so no pressure)

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]