Nmap Development mailing list archives

Re: [NSE] Shodan exploits database library (and demo script)


From: Gutek <ange.gutek () gmail com>
Date: Sun, 12 Dec 2010 22:47:21 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 12/12/2010 20:37, Fyodor a écrit :
you should divide by something like a million to the i power.

after meeting some x.y.154 this afternoon, this is exactly what it does
by now :)
For the moment I'll keep an algorithm which allows me to deal with a
unique number representing the versions, as it seems easier to me to
manipulate versions and ranges with as less comparisons loops as
possible...as long as it's proved to be reliable. If not, I'll change
for your second suggestion.

Anyway, in the end it could use both (a unique number and a per-digit
approach): alone, a math versions comparison is not always pertinent.
For example, giving an exploit working on "Apache <= 2.x.y" as an output
when the script deals with a target showing "Apache 1.3.x" doesn't make
sense.
"This is not mission difficult, Mr. Hunt, it's mission impossible" :)

Thanks !

A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk0FQukACgkQ3aDTTO0ha7gbUACfbI3uETIFOH168OXZQk/xL65K
bM8An00WBfE6/XR0roRKIMXWVlabvAWj
=gnqE
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Current thread: