Re: Last call for smtp-open-relay.nse - help needed

[Duarte Silva <duartejcsilva () gmail com>]

Hi David,

I made the changes necessary in order to make it clearer. Now the
script will handle TIMEOUT, EOF, and ERROR conditions from
receive_lines function and return the message accordingly. Tested
against the same SMTP server and it outputted the following.

> 25/tcp open  smtp    syn-ack Exim smtpd 4.69
> | smtp-open-relay:
> |_  ERROR: Failed to issue RSET command (connection closed)

There are some other changes:
+ More information in the script description
* If some combinations were already found before an error, the script
will report them

I also developed a new script that will try to enumerate the users in
a SMTP server using the VRFY or the EXPN command (using the
usernames.lst). If this is found to be useful since it seem that there
aren't many servers that allow those commands.

Patches bellow, regards
Duarte Silva

On Mon, Feb 22, 2010 at 6:42 PM, Duarte Silva <duartejcsilva () gmail com> wrote:
> Hi David,
>
> Will take a look at it :P
>
> Best regards,
> Duarte
>
> On Mon, Feb 22, 2010 at 5:55 PM, David Fifield <david () bamsoftware com> wrote:
> > On Sun, Feb 21, 2010 at 03:57:25PM +0000, Duarte Silva wrote:
> > > I decided to retest the script and still got some exceptions and
> > > errors. It seems I was able to fix it and currently the script looks
> > > pretty stable.
> > >
> > > Patch bellow, best regards,
> > > Duarte
> > >
> > > On Sat, Feb 20, 2010 at 9:30 PM, Duarte Silva <duartejcsilva () gmail com> wrote:
> > > > Hi,
> > > >
> > > > I made all the changes that you and Fyodor recommended. I also have
> > > > made some more improvements,
> > > > Changed script output to show all the successful tests
> > > > Changed from string concatenation to string formatting
> > > > QUIT message before closing connection (as wrote in the SMTP rfc)
> > > >
> > > > Patch in the attachments, best regards,
> >
> > Okay, thanks! I'm happy with the new changes and I committed your patch.
> > I now get this output when the server closes the connection:
> >
> > PORT   STATE SERVICE REASON
> > 25/tcp open  smtp    syn-ack
> > | smtp-open-relay:
> > |_  ERROR: Failed to issue RSET command
> >
> > That's still a little confusing, but it's better than uncontrolled
> > termination of the script.
> >
> > David Fifield

Attachment: smtp-enum-users.patch
Description:

Attachment: smtp-open-relay.patch
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/