Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: BackOrifice service probe
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 7 Apr 2011 04:54:50 +0300

I don't think it works against password protected servers. A password
protected server would not send anything in response for this probe,
as the server would try to decrypt the probe using the password, and
it would decrypt into nonsense. The key space is small, so this might
not be the whole story.

If you had bad luck, you might pick a password that creates the same
cipher text that the default encryption does (I'd need to verify this
to be sure). In that case the server would accept both clients that
use the correct password, and clients that do not use a password.

On Thu, Apr 7, 2011 at 3:54 AM, David Fifield <david () bamsoftware com> wrote:
On Thu, Apr 07, 2011 at 01:26:39AM +0200, Gorjan Petrovski wrote:
I've attached a file containing the updated BackOrifice with much more
information. I hope it's enough. I wasn't sure if I should include the
information in the mail or in the file. I've set the match rule to
recognize the server which I'm using at the moment. It uses the
maximum available characters which can be reliably used and using
those it recognizes version 1.20.

One more question before I add this: Does the probe work against servers
that have a password set?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault