Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: backorifice-brute NSE script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 4 May 2011 22:44:35 +0300

This problem is similar to something I encountered earlier. I felt I
needed an assumptions system, so I could tell nmap "assume that this
host is running BackOrifice on port 12300", which would mark that
port, as if it had backorifice, but the reason would be "assumed"
until the fact had been confirmed by something else.

Maybe one day we could have a system like that, but it requires
careful design. I think it would also be cool, if script could mark
their assumptions during a scan. For example some script that accesses
netstat remotely might be able to tell that "port 12300 probably has
backorifice", and it would be cool if it could record this assumption,
to trigger backorifice-brute against that port.

However, at the moment the correct way to do this is using
shortport.port_or_service(31337, "BackOrifice","udp") just like you
said, and if someone wishes to run the script against 12300, he needs
to modify the port number in the script. This should be fairly easy
for an experienced user. You do not need super user rights, as you can
copy the script over to the working directory before you modify it.

On Wed, May 4, 2011 at 7:45 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
And since the service can be configured to run on any port, what kind
of a rule should initiate this script?
If I use shortport.port_or_service(31337, "BackOrifice","udp"), it
won't be able to run on any port, and this script will be the main one
to identify a BackOrifice service running on any port. The probe is no
good, because it only works with default encryption (initial seed
31337) on port 31337.

On Wed, May 4, 2011 at 6:30 PM, Patrick Donnelly <batrick () batbytes com> wrote:
On Wed, May 4, 2011 at 9:11 AM, Gorjan Petrovski <mogi57 () gmail com> wrote:
Should a brute script update version info?

Probably not. I think backorifice-version would be more appropriate if possible.

So, with above answer in mind, should backorifice-brute update version
info if it finds the password?

Yes, definitely. Thanks for explaining.

--
- Patrick Donnelly

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault