Nmap Development mailing list archives

Re: [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 18 Jun 2012 17:06:39 -0500

On 04/20/2012 08:00 AM, Patrik Karlsson wrote:


On Thu, Apr 5, 2012 at 2:31 PM, Daniel Miller <bonsaiviking () gmail com> wrote:

    List,

    I've just finished enhancing the nfs-ls, nfs-statfs, and nfs-showmount
    scripts so that they can run based on version detection information,
    for cases where the portmapper is firewalled. For nfs-ls and
    nfs-statfs, this required making a hostrule to check that both a
    mountd service and a nfs service were detected. In the process, I
    ended up adding the AUTH_UNIX flavor to rpc.lua, since the RFC states
    that AUTH_NULL can only be used for the NULL procedure (and my Linux
    nfs-kernel-server was enforcing that).

    Other minor changes:

    * If running privileged, attempt to bind to a reserved port. Many NFS
    servers refuse to talk to source ports >1024, as a "security measure"
    * handle an odd case in nfs-ls where READDIRPLUS does not return file
    attributes. Chose to use all ?'s, but in the future maybe a direct
    GETATTR call?
    * remove reference to nfs.dirlist argument from nfs-ls doc, since
    it is unused

    Hope you like it!

    Dan

    _______________________________________________
    Sent through the nmap-dev mailing list
    http://cgi.insecure.org/mailman/listinfo/nmap-dev
    Archived at http://seclists.org/nmap-dev/


Does anyone have a suitable environment to test Daniel's improvements?
I currently don't, but could likely set one up if nobody else has the possibility to test.
It would be great to get these changes committed.

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77


I haven't heard anything, positive or negative, regarding testing on this patch, though I got lots of publicity when I requested testers on Twitter. I'm attaching an updated patch that applies to the current SVN versions of these scripts and libraries (some Lua formatting had changed things around). I'd appreciate a second look, since I haven't run into any issues, and people may be falsely thinking their NFS setup is secure since Nmap can't currently get access.

Dan

Attachment: nfs-update.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
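
For readers auditing NFS traffic, the following added example (not part of the attached patch or of rpc.lua, and written in Python rather than NSE Lua) decodes the header of an ONC RPC call as laid out in RFC 5531. It shows that an AUTH_UNIX credential is just client-supplied machine name, uid and gid fields, and it flags AUTH_NULL used outside procedure 0. The names `XDR`, `parse_call` and `SAMPLE_CALL` are hypothetical, and the sample bytes are constructed.

```python
import struct

AUTH_NONE, AUTH_SYS = 0, 1  # RFC 5531 names for AUTH_NULL / AUTH_UNIX

class XDR:
    """Minimal big-endian XDR reader with bounds checks."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def u32(self):
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated XDR data")
        (value,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return value

    def opaque(self, limit):
        n = self.u32()
        padded = (n + 3) & ~3  # XDR pads opaque data to 4 bytes
        if n > limit or self.pos + padded > len(self.data):
            raise ValueError("bad opaque length")
        out = self.data[self.pos:self.pos + n]
        self.pos += padded
        return out

def parse_call(payload):
    """Decode one RPC CALL header (TCP record marker already removed)."""
    x = XDR(payload)
    xid, mtype, rpcvers, prog, vers, proc = (x.u32() for _ in range(6))
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an ONC RPC version 2 CALL")
    flavor, body = x.u32(), x.opaque(400)
    info = {"xid": xid, "prog": prog, "vers": vers, "proc": proc, "flavor": flavor}
    if flavor == AUTH_SYS:
        c = XDR(body)
        c.u32()  # stamp: arbitrary client-chosen value
        info["machine"] = c.opaque(255).decode("ascii", "replace")
        info["uid"], info["gid"], ngids = c.u32(), c.u32(), c.u32()
        if ngids > 16:
            raise ValueError("too many supplementary gids")
        info["gids"] = [c.u32() for _ in range(ngids)]
    # The case the message says its server refused: AUTH_NULL outside procedure 0.
    info["null_auth_on_real_proc"] = flavor == AUTH_NONE and proc != 0
    return info

# Constructed sample: NFS program 100003 v3, procedure 1, AUTH_SYS uid/gid 1000.
cred = struct.pack(">II", 0, 6) + b"client\0\0" + struct.pack(">III", 1000, 1000, 0)
SAMPLE_CALL = (struct.pack(">6I", 0x1234, 0, 2, 100003, 3, 1)
               + struct.pack(">II", AUTH_SYS, len(cred)) + cred
               + struct.pack(">II", AUTH_NONE, 0))

if __name__ == "__main__":
    print(parse_call(SAMPLE_CALL))
```

Nothing in the credential is signed or verified by the server, which is why an export that relies only on AUTH_UNIX and a source-port check should be restricted by network controls as well.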
