Nmap Development mailing list archives

Re: LUA Script Ideas


From: "Eddie Bell" <ejlbell () gmail com>
Date: Tue, 1 Aug 2006 15:18:52 +0200

On 01/08/06, Fyodor <fyodor () insecure org> wrote:

Thanks, this is a good script idea!  I think we should probably use a
more subtle anon password than "@nmap-scan".  It may be best to use
whatever browsers like Firefox or IE use.  I think that is wwwuser@,
but I'm not certain.

Also, did you test this against very many FTP servers?  The script contains:

        socket:connect(host.ip, port.number, port.protocol)
        socket:send("anonymous");
        socket:send("@nmap-scan");

I would expect that you would need at least a newline (probably "\r\n")
after the username and password, and that some FTP servers would
require you to wait for a username response before asking for the
password.  I think here you are just sending a username of
"anonymous@nmap-scan", and the server may be waiting for more data
(continuation of the username string).  The 220 you get back (or
don't) may just be the FTP server banner.

Or maybe I'm wrong.  But would you test this a little more against some
servers allowing anon ftp (such as ftp.kernel.org, ftp.microsoft.com,
ftp.sun.com) and some that don't (ftp.playboy.com)?

I agree that a solid anonymous FTP testing script is worth having.

Erm yes, my only excuse is that it was rather early. Here is a working
version, tested with a 10000 node scan. It uses IE's default password,
IEUser@. Firefox uses mozilla () example com so feel free to change it if
you wish.

Interesting ports on zeus-pub2.kernel.org (204.152.191.37):
PORT   STATE SERVICE
21/tcp open  ftp
|_ FTP: Anonymous login allowed

Interesting ports on scanme.nmap.org (205.217.153.62):
PORT   STATE    SERVICE
21/tcp filtered ftp

Interesting ports on localhost (127.0.0.1):
PORT   STATE SERVICE
21/tcp open  ftp

- ejlb
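The exchange Fyodor describes (read the 220 banner first, send a CRLF-terminated USER, wait for 331 before PASS, treat 230 as success), written out as an added Python example; this is not the thread's anonFTP.lua script or any nmap code. The callback-based I/O and the FAKE_REPLIES transcript are constructed so it runs offline, and read_reply also handles multi-line "220-..." replies, which the thread does not mention.

```python
import socket
from typing import Callable, List, Tuple

# Anonymous credentials; IEUser@ is the IE default named in the thread.
ANON_USER = "anonymous"
ANON_PASS = "IEUser@"


def read_reply(readline: Callable[[], bytes]) -> Tuple[int, str]:
    # One RFC 959 reply: "NNN text" or "NNN-text ... NNN text" (multi-line).
    first = readline().decode("ascii", "replace").rstrip("\r\n")
    if len(first) < 3 or not first[:3].isdigit():
        raise ValueError(f"malformed FTP reply: {first!r}")
    code, lines = int(first[:3]), [first]
    if first[3:4] == "-":  # multi-line reply ends at "NNN " with a space
        while True:
            line = readline().decode("ascii", "replace").rstrip("\r\n")
            lines.append(line)
            if line.startswith(first[:3] + " "):
                break
    return code, "\n".join(lines)


def anon_ftp_allowed(readline: Callable[[], bytes],
                     send: Callable[[bytes], object]) -> bool:
    # The 220 greeting arrives before we send anything; it is not a result.
    code, _ = read_reply(readline)
    if code != 220:
        return False
    send(f"USER {ANON_USER}\r\n".encode())  # CRLF terminates each command
    code, _ = read_reply(readline)
    if code == 230:                          # logged in with no password
        return True
    if code != 331:                          # 331 = username OK, need password
        return False
    send(f"PASS {ANON_PASS}\r\n".encode())
    code, _ = read_reply(readline)
    return code == 230                       # 230 = login succeeded


def check_host(host: str, port: int = 21, timeout: float = 5.0) -> bool:
    with socket.create_connection((host, port), timeout=timeout) as s:
        return anon_ftp_allowed(s.makefile("rb").readline, s.sendall)


# Constructed transcript of a server that permits anonymous login (not real).
FAKE_REPLIES = [b"220-Welcome to the example archive\r\n", b"220 Ready\r\n",
                b"331 Please specify the password.\r\n",
                b"230 Login successful.\r\n"]


def demo() -> Tuple[bool, List[bytes]]:
    replies, sent = list(FAKE_REPLIES), []  # type: List[bytes], List[bytes]
    return anon_ftp_allowed(lambda: replies.pop(0), sent.append), sent
```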

Attachment: anonFTP.lua.gz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev