Nmap Development mailing list archives
Re: [NSE Script] Skype v2 service detection
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 18 Aug 2006 01:20:53 +0000
On Thu, 2006-08-17 at 17:53 -0700, Fyodor wrote:
> On Fri, Aug 18, 2006 at 12:40:21AM -0000, Brandon Enright wrote:
> > Here is an NSE/Lua script for detecting if a service is opened by Skype v2. This implements the technique discussed last month about probing the service with a get request and another random request and comparing answers between the two.
>
> Thanks, Brandon! This, like the RealVNC overflow script you sent yesterday, looks great! I think Diman is on a well-earned vacation right now, but we will incorporate these scripts upon his return in early September.

To be clear, does this mean including Diman's NSE patch is planned to be included with the main release of Nmap?

> With his latest NSE release, I think scripts can modify the service table so that this skype protocol 2 information can be output just as if it had been discovered by VD.

Great! I was going to ask for this. Looking back at the final release notes I see:

"* scripts can now belong to multiple categories
* the execution order of scripts can be predetermined by providing a unixish runlevel
* you can now get/set the version information of a port."

However, I haven't seen any sample scripts do any of this and can't seem to find any documentation describing these features. If you can point me in the right direction I'd like to play with some of these features.

> In addition, we will probably tag scripts like this as version detection so they run automatically when you specify -sV.

Excellent idea.

> Finally, the new runlevel capability lets you ensure that version detection scripts like this one run first, so skype interrogation or exploitation scripts can depend on this skype detection being performed first so they know which ports to target.

Also, the long fingerprints won't have to be output when a match is made.

> Cheers,
> -F
Thanks for the feedback,

Brandon