Nmap Development mailing list archives

Re: [NSE] Detection of ProFTPD backdoor


From: Michael Meyer <michael.meyer () greenbone net>
Date: Wed, 8 Dec 2010 10:52:18 +0100

Hello,

*** David Fifield <david () bamsoftware com> wrote:
On Tue, Dec 07, 2010 at 03:22:49PM +0100, Michael Meyer wrote:

I played around a little and got the following
working. It is _not_ a finished script, just an example.

Can you briefly explain what your script does differently?

No, not realy. ;) 

As i have written ... i'm testing this NSE-Script and because it doesn't
work for me i just play around until it works for me. For that I have
looked into other NSE-Scripts and just do Copy&Paste.

With the code from Mak i see, that there is never a response to the
"CMD_SHELL" request. Confirmed with wireshark. But i see no difference in
the requests. Both (the Request from Maks code and from my code) looks
identic. Very strange.

See also http://pastebin.com/08ZcanWf.

Micha
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Current thread: