Nmap Development mailing list archives

Re: Sounds like ftp-anon needs work?


From: Gutek <ange.gutek () gmail com>
Date: Mon, 24 May 2010 09:04:25 +0200

Works like a charm for me!
Attached is the same with R/W checking support.

It follows the Metasploit scheme:
when successfully logged in, trying a MKD.
If succeeded (257), then it is considered Writeable (and we remove the
Dir).
If not, it's just Readable.

However, I've added something: the directory name we try to create is
random (in name and in length) so as to avoid potential name-based
filtering rules.

Tested local/in the wild:

Nmap scan report for 192.168.1.13
Host is up (0.0014s latency).
PORT   STATE SERVICE
21/tcp open  ftp
|_ftp-anon2: Anonymous FTP login allowed (Writeable)

Nmap scan report for 9A.76.219.67
Host is up (0.053s latency).
PORT   STATE SERVICE
21/tcp open  ftp
|_ftp-anon2: Anonymous FTP login allowed (Readable)

A.G.

Attachment: ftp-anon-rw.nse
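
The check described in the message above (anonymous login, MKD of a randomly named directory, a 257 reply means writable, then the directory is removed), sketched in Python as an added example for auditing your own server's anonymous-access configuration. It is not the attached ftp-anon-rw.nse or any Nmap code; the function names, the placeholder password and the ScriptedFTP stand-in with its reply strings are assumptions constructed for the illustration.

```python
import ftplib
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits

def random_dirname(min_len=8, max_len=16):
    """Probe name that is random in both content and length."""
    length = min_len + secrets.randbelow(max_len - min_len + 1)
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def classify_anonymous_ftp(ftp):
    """Return None (no anonymous login), "Readable" or "Writeable".

    `ftp` is a connected ftplib.FTP, or any object with login/sendcmd/rmd.
    """
    try:
        ftp.login("anonymous", "audit@example.invalid")  # placeholder password
    except ftplib.Error:
        return None
    name = random_dirname()
    try:
        reply = ftp.sendcmd("MKD " + name)   # raises on 4xx/5xx replies
    except ftplib.Error:
        return "Readable"
    if not reply.startswith("257"):          # only 257 counts as created
        return "Readable"
    try:
        ftp.rmd(name)                        # remove the probe directory again
    except ftplib.Error:
        pass                                 # created but not removable: still writable
    return "Writeable"

class ScriptedFTP:
    """Constructed stand-in for a server, so the example runs offline."""
    def __init__(self, login_ok, mkd_reply):
        self.login_ok, self.mkd_reply, self.log = login_ok, mkd_reply, []
    def login(self, user, passwd):
        if not self.login_ok:
            raise ftplib.error_perm("530 Login incorrect.")
        return "230 Login successful."
    def sendcmd(self, cmd):
        self.log.append(cmd)
        if self.mkd_reply[0] in "45":
            raise ftplib.error_perm(self.mkd_reply)
        return self.mkd_reply
    def rmd(self, name):
        self.log.append("RMD " + name)
        return "250 Directory removed."

if __name__ == "__main__":
    for reply in ('257 "/probe" created', "550 Permission denied."):
        print(classify_anonymous_ftp(ScriptedFTP(True, reply)))
```

The `log` list on the stand-in records the MKD/RMD pair a server administrator would see in the FTP log when such a check runs.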