Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: Walt Scrivens <walts () gate net>
Date: Wed, 19 May 2010 15:20:14 -0400
That works great, Rob. Thanks. BTW I did this using 5.21, rather than the beta version, which still won't run as root. That's a different topic, however. Walt On May 19, 2010, at 12:03 PM, Rob Nicholls wrote:
On Wed, 19 May 2010 10:03:57 -0500, Ron <ron () skullsecurity net> wrote:There's obviously some logic bug that's cropping up. This is kind ofugly.:)A quick look at the script shows it only checks the first returned line for a 230 code, but that sounds fairly correct. I did a quick test of some GNU FTP Mirror servers and found one that the script consistently fails against, but command line FTP works (even with the same IEUser@ credentials that Nmap sends). I suspect the issue is caused by the password being sent immediately after the username, rather than waiting for the server to respond requesting the password. By sending the password straightaway the first response that Nmap sees might be "331 Please specify the password" (or similar), causing the script to fail to spot the 230 that's returned on the next line. I've attached a version of ftp-anon.nse (and corresponding patch) that checks that the server requests a password before sending the password, which seems to fix the issue against the FTP server I was having trouble with (now they all consistently and correctly return that it's allowed). Does this improve things for anyone/everyone else? Rob<ftp-anon.nse><ftp-anon-check-password.patch>_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Sounds like ftp-anon needs work?, (continued)
- Re: Sounds like ftp-anon needs work? kx (May 18)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? David Fifield (May 19)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 19)
- Re: Sounds like ftp-anon needs work? David Fifield (May 19)
- Re: Sounds like ftp-anon needs work? Gutek (May 19)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? David Fifield (May 20)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? Ron (May 20)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 22)