Nmap Development mailing list archives
Re: NSEDoc @output for auth-spoof.nse
From: David Fifield <david () bamsoftware com>
Date: Thu, 8 Apr 2010 22:42:04 -0600
On Fri, Apr 09, 2010 at 05:33:18AM +0100, Diman Todorov wrote:
On Thu, Apr 8, 2010 at 8:44 PM, David Fifield <david () bamsoftware com> wrote:Can you send me an example of the output of the auth-spoof script? (It used to be called ircZombieTest.) I'm trying to make all the scripts have a proper @output section in the documentation.that script is unlikely to produce any output. somebody has changed it to use the comm lib which seems to not work as expected ;) I simulate an identd spoofer like this: Aristoteles:~ diman$ echo foo | sudo nc -l 113 then I use banner.nse - which is technically a glorified version of auth-spoof (I used it because unlike auth-spoof it has some debug info around the comm.get_banner call) and get this error: NSE: ./scripts/banner.nse failed for 127.0.0.1 on tcp port 113. Message: No Message.
Probably the nc dies after being connected to the first time (maybe you did a connect scan?). It works for me with # ncat -l 113 --sh-exec "echo foo" $ nmap localhost -p 113 --script=banner,auth-spoof Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-04-08 22:40 MDT NSE: Script Scanning completed. Nmap scan report for localhost (127.0.0.1) Host is up (0.0021s latency). PORT STATE SERVICE 113/tcp open auth |_banner: foo |_auth-spoof: Spoofed reply: foo I just want to know what a typical spoofed reply from an IRC zombie really looks like. I spent some time today looking, and though I saw reports that some malware does this, I could not find an example of the output. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: NSEDoc @output for auth-spoof.nse Diman Todorov (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse David Fifield (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse Brandon Enright (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse Brandon Enright (Apr 09)
- Re: NSEDoc @output for auth-spoof.nse Fyodor (Apr 10)
- Re: NSEDoc @output for auth-spoof.nse Brandon Enright (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse Diman Todorov (Apr 08)
- Re: NSEDoc @output for auth-spoof.nse David Fifield (Apr 08)