Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: backorifice-brute NSE script
From: Patrick Donnelly <batrick () batbytes com>
Date: Wed, 4 May 2011 16:15:32 -0400

On Wed, May 4, 2011 at 12:45 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
And since the service can be configured to run on any port, what kind
of a rule should initiate this script?
If I use shortport.port_or_service(31337, "BackOrifice","udp"), it
won't be able to run on any port, and this script will be the main one
to identify a BackOrifice service running on any port. The probe is no
good, because it only works with default encryption (initial seed
31337) on port 31337.

There are version scripts which run on (almost) any open port. See
skypev2-version.nse portrule. However, as I understand it, the
BackOrifice service looks filtered unless you can authenticate
properly with it. If we were to run backorifice-brute against all
unfiltered UDP ports... that would take a while ;). I think for this
we need a script argument where the user suggests a port list to run
against. Something like: --script-arg 'backorifice-brute.ports=31338'
or --script-arg 'backorifice-brute.ports=1-65536'.

- Patrick Donnelly
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]