Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: Fyodor <fyodor () insecure org>
Date: Sat, 29 May 2010 15:48:13 -0700
On Thu, May 27, 2010 at 08:49:39PM -0600, David Fifield wrote:
On Sat, May 22, 2010 at 06:48:08PM +0200, Gutek wrote:Something like try(socket:send("MKD testdir\r\n")) while statusRights do statusRights, resultRights = socket:receive_lines(1); for rightsLine in resultRights:gmatch("[^\r\n]+") do if string.match(rightsLine, "^2") and status then try(socket:send("RMD testdir\r\n")) -- some code adding Writeable to the results end end endI don't really like the idea of testing for read-write. What if the server lets you create a directory, but not delete it? I think this could be a common configuration for file-swapping servers that allow creating files anonymously but not deleting them. Nmap would leave a bunch of empty directories around.
I agree that for a "default", "safe" script like ftp-anon, the MKD technique might be a bit aggressive. However, detecting writeable FTP directories can be quite useful. Perhaps it could be made into its own ftp-write script which potentially could not only check the root directory, but also subdirectories. It might let you choose whether to test directory creation or file upload as well. After all, many FTP sites have traditonally held a read-only root dir while allowing uploads to /incoming. I think that become much less prevalent after nonstop abuse from warez kiddies in the '90s. But many sites are still affected by choice or accident, so detecting writeable directories would be a great feature to have. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- RE: Sounds like ftp-anon needs work?, (continued)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? David Fifield (May 20)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (May 20)
- Re: Sounds like ftp-anon needs work? Ron (May 20)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 22)
- Re: Sounds like ftp-anon needs work? Gutek (May 22)
- Re: Sounds like ftp-anon needs work? SM (May 23)
- Re: Sounds like ftp-anon needs work? David Fifield (May 27)
- Re: Sounds like ftp-anon needs work? Ron (May 27)
- Re: Sounds like ftp-anon needs work? Fyodor (May 29)
- Re: Sounds like ftp-anon needs work? Gutek (May 29)
- Re: Sounds like ftp-anon needs work? Richard Miles (May 30)
- Re: Sounds like ftp-anon needs work? Fyodor (May 30)
- Re: Sounds like ftp-anon needs work? David Fifield (May 31)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- Re: Sounds like ftp-anon needs work? Gutek (Jun 01)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 04)