Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: David Fifield <david () bamsoftware com>
Date: Wed, 19 May 2010 13:28:58 -0600
On Wed, May 19, 2010 at 05:03:59PM +0100, Rob Nicholls wrote:
> On Wed, 19 May 2010 10:03:57 -0500, Ron <ron () skullsecurity net> wrote:
> > There's obviously some logic bug that's cropping up. This is kind of ugly. :)
>
> A quick look at the script shows it only checks the first returned line for a 230 code, but that sounds fairly correct. I did a quick test of some GNU FTP Mirror servers and found one that the script consistently fails against, but command line FTP works (even with the same IEUser@ credentials that Nmap sends).
>
> I suspect the issue is caused by the password being sent immediately after the username, rather than waiting for the server to respond requesting the password. By sending the password straightaway the first response that Nmap sees might be "331 Please specify the password" (or similar), causing the script to fail to spot the 230 that's returned on the next line.
>
> I've attached a version of ftp-anon.nse (and corresponding patch) that checks that the server requests a password before sending the password, which seems to fix the issue against the FTP server I was having trouble with (now they all consistently and correctly return that it's allowed). Does this improve things for anyone/everyone else?
Looks good, and good job on the research. The patch requires a 331 response and only a 331 response after USER; the Metasploit code accepts 331 or any 2?? code. I recommend this procedure:

1. Send USER.
2. Read a single line and ignore it. (Check for a socket error.)
3. Send PASS.
4. Read lines, checking for any 2?? reply.

Optionally, in step 2, you could check for an error code and avoid sending the PASS, but there is something to be said for trying it anyway.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
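The four-step procedure above, worked through as an added Python example; this is not code from the thread, from ftp-anon.nse or from Metasploit. It puts the diagnosed behaviour (USER and PASS sent back to back, only the first reply line checked for 230) beside the recommended one (USER, consume one reply, PASS, accept any 2xx), and it goes slightly beyond step 2 by reading a complete RFC 959 reply, including "ddd-" multi-line blocks, so that a multi-line 331 cannot leave stray lines for step 4 to misread. The ScriptedConn and SocketConn helpers, the server reply texts and the bail_on_error flag are assumptions of this example, not anything the thread specifies.

```python
"""FTP anonymous-login check: USER, read one reply, PASS, accept any 2xx.
Added example; not the ftp-anon.nse script itself."""
import re
import socket
from typing import Dict, List, Tuple

REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")


class ScriptedConn:
    """Constructed stand-in for a server control connection (assumed for the
    example): each command verb maps to the reply text the server sends back.
    Replies queue up in a read buffer exactly as they would on a real socket,
    so sending USER and PASS back to back leaves two replies waiting."""

    def __init__(self, banner: str, replies: Dict[str, str]) -> None:
        self.sent: List[str] = []
        self._buf: List[str] = banner.splitlines()
        self._replies = replies

    def sendline(self, line: str) -> None:
        self.sent.append(line)
        verb = line.split(" ", 1)[0]
        self._buf.extend(self._replies.get(verb, "500 Unknown command.").splitlines())

    def readline(self) -> str:
        if not self._buf:
            raise ConnectionError("server closed the connection")
        return self._buf.pop(0)


class SocketConn:
    """Adapter for a real TCP control connection (hypothetical helper; not
    exercised by the scripted runs below)."""

    def __init__(self, host: str, port: int = 21, timeout: float = 10.0) -> None:
        self._sock = socket.create_connection((host, port), timeout=timeout)
        self._rd = self._sock.makefile("r", encoding="latin-1", newline="\r\n")

    def sendline(self, line: str) -> None:
        self._sock.sendall((line + "\r\n").encode("latin-1"))

    def readline(self) -> str:
        line = self._rd.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        return line.rstrip("\r\n")


def read_reply(conn) -> Tuple[str, List[str]]:
    """Read one complete RFC 959 reply: a single 'ddd text' line, or a block
    opened by 'ddd-text' and closed by 'ddd text' with the same code
    (intermediate lines may carry no code at all)."""
    first = conn.readline()
    m = REPLY_RE.match(first)
    if not m:
        raise ValueError(f"malformed FTP reply: {first!r}")
    code, sep, lines = m.group(1), m.group(2), [first]
    if sep == "-":
        while True:
            line = conn.readline()
            lines.append(line)
            m = REPLY_RE.match(line)
            if m and m.group(1) == code and m.group(2) == " ":
                break
    return code, lines


def old_login(conn, user: str = "anonymous", password: str = "IEUser@") -> bool:
    """The behaviour the thread diagnoses: USER and PASS sent together, then
    only the first reply line inspected for a 230."""
    read_reply(conn)                      # 220 greeting
    conn.sendline(f"USER {user}")
    conn.sendline(f"PASS {password}")
    return conn.readline().startswith("230")


def anon_login(conn, user: str = "anonymous", password: str = "IEUser@",
               bail_on_error: bool = False) -> bool:
    """Recommended procedure: (1) USER, (2) read and ignore one reply,
    (3) PASS, (4) accept any 2xx. With bail_on_error (the optional variant)
    the step-2 reply is inspected and PASS is skipped on a 4xx/5xx."""
    read_reply(conn)                      # 220 greeting
    conn.sendline(f"USER {user}")         # step 1
    code, _ = read_reply(conn)            # step 2 (a socket error raises here)
    if bail_on_error and code[0] in "45":
        return False
    conn.sendline(f"PASS {password}")     # step 3
    code, _ = read_reply(conn)            # step 4
    return code.startswith("2")


def run_scenarios() -> Dict[str, Tuple[bool, bool]]:
    """Constructed server behaviours; returns {name: (old_login, anon_login)}."""
    banner = "220 FTP server ready."
    cases = {
        "331 then 230": {"USER": "331 Please specify the password.",
                         "PASS": "230 Login successful."},
        "multi-line 230": {"USER": "331 Password required for anonymous.",
                           "PASS": "230-Welcome, archive user.\nLocal time is 12:00.\n"
                                   "230 Guest login ok, access restrictions apply."},
        "230 on USER": {"USER": "230 Anonymous access granted.",
                        "PASS": "230 Already logged in."},
        "rejected": {"USER": "331 Please specify the password.",
                     "PASS": "530 Login incorrect."},
        "no anonymous": {"USER": "530 Permission denied.",
                         "PASS": "503 Login with USER first."},
    }
    return {name: (old_login(ScriptedConn(banner, replies)),
                   anon_login(ScriptedConn(banner, replies)))
            for name, replies in cases.items()}


if __name__ == "__main__":
    for name, (old, new) in run_scenarios().items():
        print(f"{name:16s} old={old!s:5s} recommended={new}")
```

The first two scenarios are the failure Rob described: the old check reads the queued 331 and never sees the 230 behind it, while the recommended procedure consumes the 331 before looking at the answer to PASS. The "230 on USER" case shows why step 2 ignores the reply rather than demanding a 331, and "no anonymous" shows the optional early exit leaving only USER on the wire.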
Current thread:
- Re: Sounds like ftp-anon needs work?, (continued)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? Joao Correa (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 19)
- Re: Sounds like ftp-anon needs work? Ron (May 19)
- Re: Sounds like ftp-anon needs work? Walt Scrivens (May 19)
- Re: Sounds like ftp-anon needs work? David Fifield (May 19)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 19)
- Re: Sounds like ftp-anon needs work? David Fifield (May 19)
- Re: Sounds like ftp-anon needs work? Gutek (May 19)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? David Fifield (May 20)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? Ron (May 20)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 22)
- Re: Sounds like ftp-anon needs work? Gutek (May 22)