Nmap Development mailing list archives
Re: New script names
From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 22 Jan 2009 00:20:04 +0100
David Fifield wrote:
> On Fri, Nov 07, 2008 at 07:41:58PM +0100, Vlatko Kosturjak wrote:
>> xampp-default-auth => ftp-auth (I just modified xampp-default-auth to be more generic, it's just default FTP user/check anyway, not some "real" vuln... ). Changed script is in attachment.
>
> Thanks Vlatko. That's a good idea to give the script a more general name. As it is the script still only checks for an XAMPP vulnerability so I'll leave the name alone for now.

In the meantime, I asked FX for approval to include FTP default passwords from his phenoelit dpl: http://www.phenoelit-us.org/dpl/

So, I have made a new version of the script, which is in attachment.

Kost

description = [[
Checks FTP server against default username/password combinations
]]

---
-- @output
-- 21/tcp open  ftp
-- |_ ftp-auth: Login success with u/p: nobody/xampp
--
-- 2008-11-06 Vlatko Kosturjak <kost () linux hr>
-- Modified xampp-default-auth script to generic ftp-auth script
-- FTP passwords taken from Phenoelit dpl: http://www.phenoelit-us.org/dpl/

author = "Diman Todorov <diman.todorov () gmail com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "vuln", "intrusive"}

require "shortport"

portrule = shortport.port_or_service(21, "ftp")

login = function(socket, user, pass)
  local status, err
  local res = ""

  status, err = socket:send("USER " .. user .. "\n")
  status, err = socket:send("PASS " .. pass .. "\n")

  -- consume the banner and stuff
  while true do
    status, res = socket:receive_lines(1)
    if not string.match(res, "^220") and not string.match(res, "^331 ") then
      break
    end
  end

  -- are we logged in?
  if string.match(res, "^230") then
    return "Login success with u/p: " .. user .. "/" .. pass
  end
end

action = function(host, port)
  local res
  local socket = nmap.new_socket()
  local authcombinations = {
    {user="nobody", password="e0e0e0e0"},   --- xampp default ftp
    {user="newuser", password="wampp"},     --- xampp default ftp
    {user="nobody", password="xampp"},      --- xampp default ftp
    {user="ftp_admi", password="kilo1987"}, --- alcatel omnipcx off
    {user="ftp_oper", password="help1954"}, --- alcatel omnipcx off
    {user="ftp_inst", password="pbxk1064"}, --- alcatel omnipcx off
    {user="ftp_nmc", password="tuxalize"},  --- alcatel omnipcx off
    {user="admin", password="password"},    --- netgear adsl modem
    {user="admin", password="admin"},       --- seninleyimen @skan
    {user="xbox", password="xbox"},         --- Team Xodus, Xenium OS
    {user="user", password="pass"},         --- Watchguard SOHO(6)
    {user="rapport", password="r@p8p0r+"},  --- Wyse rapport
    {user="root", password="1234"}          --- Zyxel Prestige
  }

  -- try the combinations in the order listed
  for _, combination in ipairs(authcombinations) do
    socket:connect(host.ip, port.number)
    res = login(socket, combination.user, combination.password)
    socket:close()
    -- report the first working combination; without this early return a
    -- later failed attempt overwrites the result with nil
    if res then
      return res
    end
  end
end

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org