Nmap Development mailing list archives

Re: [NSE Script] Skype v2 service detection


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 18 Aug 2006 01:20:53 +0000

On Thu, 2006-08-17 at 17:53 -0700, Fyodor wrote:
On Fri, Aug 18, 2006 at 12:40:21AM -0000, Brandon Enright wrote:
Here is an NSE/Lua script for detecting if a service is opened by Skype v2.
This implements the technique discussed last month about probing the service
with a GET request and another random request and comparing answers between
the two.

Thanks, Brandon!  This, like the RealVNC overflow script you sent
yesterday, looks great!  I think Diman is on a well-earned vacation
right now, but we will incorporate these scripts upon his return in
early September.

To be clear, does this mean Diman's NSE patch is planned to be included
with the main release of Nmap?

With his latest NSE release, I think scripts can
modify the service table so that this skype protocol 2 information can
be output just as if it had been discovered by VD.

Great!  I was going to ask for this.  Looking back at the final release
notes I see:

"* scripts can now belong to multiple categories
* the execution order of scripts can be predetermined by providing a  
unixish runlevel
* you can now get/set the version information of a port."

However I haven't seen any sample scripts do any of this and can't seem
to find any documentation describing these features.  If you can point
me in the right direction I'd like to play with some of these features.

In addition, we
will probably tag scripts like this as version detection so they run
automatically when you specify -sV.

Excellent idea.

Finally, the new runlevel
capability lets you ensure that version detection scripts like this
one run first, so skype interrogation or exploitation scripts can
depend on this skype detection being performed first so they know
which ports to target.

Also, the long fingerprints won't have to be output when a match is made.


Cheers,
-F

Thanks for the feedback,

Brandon


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
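An added example, not code from this thread or from the Nmap project: a Python sketch of the two-probe comparison the message above describes (send a plain HTTP GET, send a request of random bytes, compare the two answers). The thread does not say what a Skype v2 listener actually returns, so the reply pattern encoded in looks_like_skype2() (an HTTP-style error to the GET, binary non-HTTP data to the random request), the sample replies in SAMPLES, and the exchange()/check_service() helpers are all assumptions constructed for illustration.

```python
"""Two-probe differential service check, modelled on the approach the
thread describes: send a plain HTTP GET, then a request of random bytes,
and compare the two answers.  The exact replies a Skype v2 listener gives
are NOT stated in the thread; the pattern in looks_like_skype2() is an
assumption used for illustration only."""
import os
import re
import socket

GET_PROBE = b"GET / HTTP/1.0\r\n\r\n"
HTTP_STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3} ")


def random_probe(length: int = 16) -> bytes:
    """Second request made of random bytes, so the reply cannot depend on
    the service recognising a protocol keyword."""
    return os.urandom(length) + b"\r\n\r\n"


def is_http_reply(reply: bytes) -> bool:
    """True when the reply starts with an HTTP/1.x status line."""
    return HTTP_STATUS_LINE.match(reply) is not None


def is_mostly_printable(reply: bytes, threshold: float = 0.9) -> bool:
    """True when at least `threshold` of the bytes are printable ASCII."""
    if not reply:
        return True
    printable = sum(1 for b in reply if 0x20 <= b < 0x7F or b in b"\r\n\t")
    return printable / len(reply) >= threshold


def looks_like_skype2(get_reply: bytes, random_reply: bytes) -> bool:
    """Assumed fingerprint (not from the thread): the GET is answered with a
    minimal HTTP error, while the random request is answered with binary,
    non-HTTP data.  A genuine web server answers both with HTTP status
    lines; a canned-reply service answers both the same way."""
    if not is_http_reply(get_reply):
        return False
    if is_http_reply(random_reply):
        return False  # real HTTP server: 400 Bad Request or similar
    if random_reply == get_reply:
        return False  # same reply regardless of input
    return not is_mostly_printable(random_reply)


def exchange(host: str, port: int, payload: bytes,
             timeout: float = 5.0, max_bytes: int = 512) -> bytes:
    """One connect/send/receive round trip.  A fresh connection is used per
    probe because the first reply may close the socket (hypothetical helper)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        chunks = []
        try:
            while sum(map(len, chunks)) < max_bytes:
                data = s.recv(max_bytes)
                if not data:
                    break
                chunks.append(data)
        except socket.timeout:
            pass
        return b"".join(chunks)


def check_service(host: str, port: int) -> bool:
    """Run both probes against a live port and apply the comparison
    (hypothetical helper; network errors count as 'no match')."""
    try:
        get_reply = exchange(host, port, GET_PROBE)
        rnd_reply = exchange(host, port, random_probe())
    except OSError:
        return False
    return looks_like_skype2(get_reply, rnd_reply)


# Constructed sample replies (not captured from any real host).
SAMPLES = {
    "web_server": (b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
                   b"HTTP/1.1 400 Bad Request\r\n\r\n"),
    "canned_reply": (b"HTTP/1.0 404 Not Found\r\n\r\n",
                     b"HTTP/1.0 404 Not Found\r\n\r\n"),
    "skype2_like": (b"HTTP/1.0 404 Not Found\r\nContent-Length: 0\r\n\r\n",
                    bytes([0x17, 0x03, 0x01, 0x00, 0x9C, 0x8A,
                           0xF2, 0x00, 0x41, 0x1E, 0x7B, 0xD5])),
}


def classify_samples() -> dict:
    """Apply the comparison to each constructed pair of replies."""
    return {name: looks_like_skype2(g, r) for name, (g, r) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:12s} -> {'skype2-like' if verdict else 'no match'}")
```

Keeping the comparison in a pure function (looks_like_skype2) separate from the socket I/O is what makes the heuristic testable offline and lets the same fingerprint rule be reviewed without a live target; in NSE the equivalent split would be the action's probe exchange versus the match test on the two results.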

