Re: Sounds like ftp-anon needs work?

[Walt Scrivens <walts () gate net>]

That works great, Rob.  Thanks.

BTW I did this using 5.21, rather than the beta version, which still won't run as root.  That's a different topic, 
however.

Walt

On May 19, 2010, at 12:03 PM, Rob Nicholls wrote:

> On Wed, 19 May 2010 10:03:57 -0500, Ron <ron () skullsecurity net> wrote:
> > There's obviously some logic bug that's cropping up. This is kind of
> ugly.
> > :)
>
> A quick look at the script shows it only checks the first returned line
> for a 230 code, but that sounds fairly correct.
>
> I did a quick test of some GNU FTP Mirror servers and found one that the
> script consistently fails against, but command line FTP works (even with
> the same IEUser@ credentials that Nmap sends).
>
> I suspect the issue is caused by the password being sent immediately after
> the username, rather than waiting for the server to respond requesting the
> password. By sending the password straightaway the first response that Nmap
> sees might be "331 Please specify the password" (or similar), causing the
> script to fail to spot the 230 that's returned on the next line.
>
> I've attached a version of ftp-anon.nse (and corresponding patch) that
> checks that the server requests a password before sending the password,
> which seems to fix the issue against the FTP server I was having trouble
> with (now they all consistently and correctly return that it's allowed).
> Does this improve things for anyone/everyone else?
>
> Rob<ftp-anon.nse><ftp-anon-check-password.patch>_______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/