Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 20 Apr 2012 15:00:23 +0200

On Thu, Apr 5, 2012 at 2:31 PM, Daniel Miller <bonsaiviking () gmail com>wrote:

List,

I've just finished enhancing the nfs-ls, nfs-statfs, and nfs-showmount
scripts so that they can run based on version detection information,
for cases where the portmapper is firewalled. For nfs-ls and
nfs-statfs, this required making a hostrule to check that both a
mountd service and a nfs service were detected. In the process, I
ended up adding the AUTH_UNIX flavor to rpc.lua, since the RFC states
that AUTH_NULL can only be used for the NULL procedure (and my Linux
nfs-kernel-server was enforcing that).

Other minor changes:

* If running privileged, attempt to bind to a reserved port. Many NFS
servers refuse to talk to source ports >1024, as a "security measure"
* handle an odd case in nfs-ls where READDIRPLUS does not return file
attributes. Chose to use all ?'s, but in the future maybe a direct
GETATTR call?
* remove reference to nfs.dirlist argument from nfs-ls doc, since it is
unused

Hope you like it!

Dan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Does anyone have a suitable environment to test Daniels improvements?
I currently don't, but could likely set one up if nobody else has the
possibility to test.
It would be great to get these changes committed.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]