Nmap Development mailing list archives
Re: LUA Script Ideas
From: "Eddie Bell" <ejlbell () gmail com>
Date: Tue, 1 Aug 2006 15:18:52 +0200
On 01/08/06, Fyodor <fyodor () insecure org> wrote:
Thanks, this is a good script idea! I think we should probably use a more subtle anon password than "@nmap-scan". It may be best to use whatever browsers like FireFox or IE use. I think that is wwwuser@, but I'm not certain. Also, did you test this against very many FTP servers? The script contains: socket:connect(host.ip, port.number, port.protocol) socket:send("anonymous"); socket:send("@nmap-scan"); I would expect that you would need at least a newline (probably "\r\n" after the username and password, and that some FTP servers would require you to wait for a username response before asking for the password. I think here you are just sending a username of "anonymous@nmap-scan", and the server may be waiting for more data (continuation of the username string). The 220 you get back (or don't) may just be the FTP server banner. Or maybe I'm wrong. But would you test this a little more against a servers allowing anon ftp (such as ftp.kernel.org, ftp.microsoft.com, ftp.sun.com) and some that don't (ftp.playboy.com)? I agree that a solid anonymous FTP testing script is worth having.
Erm yes, my only excuse is that it was rather early. Here is a working version testing with a 10000 node scan. It uses IEs default password, IEUser@. Firefox uses mozilla () example com so feel free to change it if you wish. Interesting ports on zeus-pub2.kernel.org (204.152.191.37): PORT STATE SERVICE 21/tcp open ftp |_ FTP: Anonymous login allowed Interesting ports on scanme.nmap.org (205.217.153.62): PORT STATE SERVICE 21/tcp filtered ftp Interesting ports on localhost (127.0.0.1): PORT STATE SERVICE 21/tcp open ftp - ejlb
Attachment:
anonFTP.lua.gz
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Martin Mačok (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Jul 31)
- Re: LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Aug 01)
- Re: LUA Script Ideas Fyodor (Aug 02)
- Re: LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Richard Moore (Jul 31)
- Re: LUA Script Ideas Jon Passki (Jul 31)