Nmap Development mailing list archives

Re: Sounds like ftp-anon needs work?


From: Fyodor <fyodor () insecure org>
Date: Sat, 29 May 2010 15:48:13 -0700

On Thu, May 27, 2010 at 08:49:39PM -0600, David Fifield wrote:
> On Sat, May 22, 2010 at 06:48:08PM +0200, Gutek wrote:
> > Something like
> > try(socket:send("MKD testdir\r\n"))
> > while statusRights do
> >   statusRights, resultRights = socket:receive_lines(1);
> >   for rightsLine in resultRights:gmatch("[^\r\n]+") do
> >     if string.match(rightsLine, "^2") and status then
> >       try(socket:send("RMD testdir\r\n"))
> >       -- some code adding Writeable to the results
> >     end
> >   end
> > end
>
> I don't really like the idea of testing for read-write. What if the
> server lets you create a directory, but not delete it? I think this
> could be a common configuration for file-swapping servers that allow
> creating files anonymously but not deleting them. Nmap would leave a
> bunch of empty directories around.

I agree that for a "default", "safe" script like ftp-anon, the MKD
technique might be a bit aggressive.  However, detecting writeable FTP
directories can be quite useful.  Perhaps it could be made into its
own ftp-write script which potentially could not only check the root
directory, but also subdirectories.  It might let you choose whether
to test directory creation or file upload as well.  After all, many
FTP sites have traditionally held a read-only root dir while allowing
uploads to /incoming.  I think that became much less prevalent after
nonstop abuse from warez kiddies in the '90s.  But many sites are
still affected by choice or accident, so detecting writeable
directories would be a great feature to have.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
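
The cleanup concern raised in this thread (a server that accepts MKD but refuses RMD), as an added example that is not part of the original messages or of Nmap's own scripts: pure-Lua code that parses whole FTP replies and reports when a test directory could not be removed. The function names (parse_reply, is_success, classify_probe) and the sample reply strings are assumptions constructed for illustration; no socket I/O is performed.

```lua
-- Added example: pure Lua, no NSE socket I/O. Replies are constructed strings.

-- Parse one complete FTP reply (RFC 959). A multi-line reply opens with
-- "NNN-" and ends at the first line starting with the same code and a space.
-- Returns the numeric code and full text, or nil if the reply is incomplete.
local function parse_reply(raw)
  local code, text = nil, {}
  for line in raw:gmatch("[^\r\n]+") do
    code = code or line:match("^(%d%d%d)[ %-]")
    if not code then return nil end        -- first line is not an FTP reply
    text[#text + 1] = line
    if line:sub(1, 4) == code .. " " then  -- terminating line of the reply
      return tonumber(code), table.concat(text, "\n")
    end
  end
  return nil                               -- final "NNN " line not seen yet
end

local function is_success(code)
  return code ~= nil and code >= 200 and code < 300
end

-- Classify a probe from the MKD reply and, if one was sent, the RMD reply.
local function classify_probe(mkd_raw, rmd_raw)
  local mkd = parse_reply(mkd_raw)
  if mkd == nil then return "unknown (unparseable MKD reply)" end
  if not is_success(mkd) then return "not writable" end
  local rmd = rmd_raw and parse_reply(rmd_raw)
  if is_success(rmd) then return "writable, test directory removed" end
  return "writable, test directory LEFT BEHIND (report for manual cleanup)"
end

-- Constructed sample replies (hypothetical server text).
local samples = {
  { "550 Permission denied.\r\n", nil },
  { "257 \"/testdir\" created\r\n", "250 Remove directory operation successful.\r\n" },
  { "257-Directory created\r\n257 \"/testdir\"\r\n", "550 Permission denied.\r\n" },
}
for i, s in ipairs(samples) do
  print(i, classify_probe(s[1], s[2]))
end
```

Parsing the reply as a unit also means a multi-line 2xx reply is acted on once, rather than once per line that begins with "2".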

