Nmap Development mailing list archives

Re: New script names


From: Vlatko Kosturjak <kost () linux hr>
Date: Fri, 07 Nov 2008 19:41:58 +0100

Fyodor wrote:
> Oh no.  Speaking of consistency, I just noticed that we have

You opened Pandora's box with consistency - yes :) So, speaking of
consistency, I would suggest the following changes also:

sql-injection => http-sql-injection
(Does anybody know why this script crawls only http and not https?)

and

xampp-default-auth => ftp-auth

(I just modified xampp-default-auth to be more generic; it's just a
default FTP user/check anyway, not some "real" vuln...).
The changed script is attached.

Kost

description = [[
Checks FTP server against default username/password combinations
]]

---
-- @output
-- 21/tcp open  ftp
-- |_ ftp-auth: Login success with u/p: nobody/xampp
--
-- 2008-11-06 Vlatko Kosturjak <kost () linux hr>
-- Modified xampp-default-auth script to generic ftp-auth script

author = "Diman Todorov <diman.todorov () gmail com>"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html";

categories = {"auth", "vuln", "intrusive"}

require "shortport"

portrule = shortport.port_or_service(21, "ftp")

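-- Try one username/password pair on an already connected socket.
-- Returns a result string on success, nil otherwise.
local function login(socket, user, pass)
        local status, res
        -- FTP commands are terminated by CRLF (RFC 959)
        status = socket:send("USER " .. user .. "\r\n")
        if not status then return nil end
        status = socket:send("PASS " .. pass .. "\r\n")
        if not status then return nil end

        -- skip the banner (220) and the password prompt (331)
        while true do
                status, res = socket:receive_lines(1)
                if not status then
                        -- timeout or connection closed
                        return nil
                end
                if
                        not string.match(res, "^220")
                        and not string.match(res, "^331 ")
                then
                        break
                end
        end

        -- are we logged in?
        if string.match(res, "^230") then
                return "Login success with u/p: " .. user .. "/" .. pass
        end
end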

action = function(host, port)
        local res
        local authcombinations = {
                {user="nobody", password="e0e0e0e0"}, -- xampp default ftp
                {user="nobody", password="xampp"} -- xampp default ftp
        }

        for _, combination in ipairs(authcombinations) do
                -- fresh connection for every attempt
                local socket = nmap.new_socket()
                if socket:connect(host.ip, port.number) then
                        res = login(socket, combination.user, combination.password)
                end
                socket:close()
                -- stop at the first success so a later failure does not overwrite it
                if res then
                        return res
                end
        end
end


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
