Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: Joao Correa <joao () livewire com br>
Date: Wed, 19 May 2010 11:07:39 -0300
If you change the directory you are in while running nmap, the warning will probably disappear. Try running it with -d, just to check for any NSE related message, what would mean that the scripts are being at least called. On Wed, May 19, 2010 at 10:53 AM, Walt Scrivens <walts () gate net> wrote:
It hangs and has to be stopped after several minutes with ^C: ------------------ testcomputer:nmap walts$ sudo ./nmap --script ftp-anon.nse ftp.cyan.com Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-05-18 17:09 EDT Warning: File ./nmap-services exists, but Nmap is using /usr/local/share/nmap/nmap-services for security and consistency reasons. set NMAPDIR=. to give priority to files in your local directory (may affect the other data files too). Warning: Unable to open interface vmnet1 -- skipping it. Warning: Unable to open interface vmnet8 -- skipping it. testcomputer:nmap walts$ ----------------------- This is a 64-bit MacBook Pro running 10.6.3 - I have compiled with the 32-bit options per previous posts here: ./configure CFLAGS="-m32" CXXFLAGS="-m32" LDFLAGS="-m32" but it doesn't seem to help. FWIW, setting NMAPDIR=. doesn't change anything - the warning message still appears. Walt On May 19, 2010, at 9:25 AM, Joao Correa wrote:Hi Walt, that's a little strange. I have just checked out the latest version from svn and the scripts are working well on my mac. What exactly is your problem? On Wed, May 19, 2010 at 9:28 AM, Walt Scrivens <walts () gate net> wrote:That was my first impression, too from looking at the script. I was thinking of adding "ftp" and the null string to the list of "try"s - don't know if that would work. The problem I have right now is, the script doesn't run at all on my Mac :-( I'll have to get a Linux box running later and install nmap on it. Walt On May 18, 2010, at 9:08 PM, kx wrote:I have an itching suspicion it is because of the username and password nmap uses vs. metasploit Nmap: try(socket:send("USER anonymous\r\n")) try(socket:send("PASS IEUser@\r\n")) Metasploit: OptString.new('FTPUSER', [ false, 'The username to authenticate as', 'anonymous']), OptString.new('FTPPASS', [ false, 'The password for the specified username', 'mozilla () example com']) But I don't know of an ftp server to test against that nmap doesn't get a response from, but metasploit does. cheers, kx On Tue, May 18, 2010 at 9:27 AM, Ron <ron () skullsecurity net> wrote:Absolutely! I do my best to answer scripting questions here or in #nmap on freenode whenever I can. (If you do ask in #nmap on Freenode, make sure you stick around for the answer :) ). On Tue, 18 May 2010 08:31:29 -0400 Walt Scrivens <walts () gate net> wrote:This looks interesting. I'll give it a try, but I'm a total N00B at Nmap Scripting and I'm likely to have to ask a lot of questions. OK? Walt On May 17, 2010, at 7:26 PM, Ron wrote:http://eromang.zataz.com/2010/05/16/anonymous-ftp-scanning-differences-between-metasploit-and-nmap Metasploit found about twice as many anonymous FTP servers than Nmap's ftp-anon.nse script. Metasploit also says whether it's read or read/write. Improving ftp-anon.nse might be a good task for somebody who's looking to learn Nmap scripting a little. It's going to be more troubleshooting than coding, likely. Any takers? -- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/-- Ron Bowes http://www.skullsecurity.org http://www.twitter.com/iagox86 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Sounds like ftp-anon needs work? Ron (May 17)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 18)
- Re: Sounds like ftp-anon needs work? Ron (May 18)
- Re: Sounds like ftp-anon needs work? kx (May 18)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 18)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 18)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? David Fifield (May 19)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 19)
- Re: Sounds like ftp-anon needs work? David Fifield (May 19)
- Re: Sounds like ftp-anon needs work? Gutek (May 19)