Re: Ideas for nmap development
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 16 Apr 2011 20:40:06 +0300
The problem is that exploits may enable one to do all kinds of things
to a vulnerable system. It is not clear you want to do all of those
things. For example, some versions of NetBus let you bypass
authentication. The netbus-auth-bypass script detects this and reports
it to the user. We also make use of the vulnerability in netbus-info,
as it is important for the admin to see what kind of information the
service leaks through. However we do not use auth bypass to perform
any operations on the vulnerable system.
The reason why we do not perform operations on systems is that nmap
does not have a way for defining operations. We'd first need a way of
telling nmap: change password of all discovered systems to "kallisti".
Then we could write setpwd-scripts to automate the task for different
protocols. This might not be a bad idea, but the tasks to perform
should not require interaction. Thus metasploit would still remain the
way to go for more complex tasks.
I just created a new script called action-passwd-netbus.nse that
attempts to set the password used to authenticate the NetBus server
admin. See the message thread with the same name on this mailing list.
If people write more such scripts, you can, in the future, execute all
scripts of a certain exploit type by giving a wildcard on the command
line. For example you could try to set passwords of all systems by
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/