Nmap Development mailing list archives
Re: [NSE] nfs-ls script feedbacks, was: [nmap-svn] r17816 - nmap-exp/djalal/scripts
From: Djalal Harouni <tixxdz () gmail com>
Date: Thu, 10 Jun 2010 20:13:56 +0100
On 2010-06-07 16:18:09 -0700, Fyodor wrote:
On Thu, Jun 03, 2010 at 05:15:56PM -0700, commit-mailer () insecure org wrote:Author: djalal Log: Default action now for nfs-ls script is to list NFS exports with their access controls. Modified: nmap-exp/djalal/scripts/nfs-ls.nse Modified: nmap-exp/djalal/scripts/nfs-ls.nse ============================================================================== --- nmap-exp/djalal/scripts/nfs-ls.nse (original) +++ nmap-exp/djalal/scripts/nfs-ls.nse Thu Jun 3 17:15:56 2010 @@ -6,25 +6,21 @@ -- @output -- PORT STATE SERVICE -- 111/tcp open rpcbind --- | nfs-ls: --- | /home/storage/backup (1) --- | www.cqure.net --- | /home (5) --- | admin --- | lost+found --- | patrik --- | storage --- |_ web +-- | nfs-ls: +-- | /tmp +-- | mode: drwxrwxrwx uid: 0 gid: 0 +-- | /home/storage/backup +-- |_ mode: drwxr-xr-x uid: 0 gid: 0
Hi, I've committed some patches to the rpc.lua and nfs-ls code. The current output of the script is: PORT STATE SERVICE 111/tcp open rpcbind | nfs-ls: | Arguments: | maxfiles: 10 (file listing output limited), time = atime | NFS Export /tmp: | drwxrwxrwx uid: 0 gid: 0 4.0K Jun 06 18:20:42 2010 /tmp | srwxr-xr-x uid: 0 gid: 0 0.0B Jun 10 10:08:28 2010 wpa_ctrl_22880-1 | NFS Export /home/storage/backup: | drwxr-xr-x uid: 1000 gid: 100 4.0K Jun 10 11:42:41 2010 /home/storage/backup | -rw-r--r-- uid: 1000 gid: 1002 0.0B Jun 10 08:34:32 2010 filetest | drwx------ uid: 1000 gid: 100 16.0K Feb 05 17:05:34 2010 lost+found | drwxrwxr-x uid: 1000 gid: 100 4.0K Mar 27 19:08:40 2010 net_packet | -rw-r--r-- uid: 0 gid: 0 5.0B Jun 10 11:32:59 2010 rootfile |_ lrwxrwxrwx uid: 1000 gid: 1002 8.0B Jun 10 08:34:59 2010 symlink these lines: | Arguments: | maxfiles: 10 (file listing output limited), time = atime are only shown if the verbose mode is used. This new script uses the ReadDirPlus procedure so for the moment there is only support for NFSv3. Also recursion through directories is beeing implemented. The attributes show by this script are the local based system file attributes as they are returned by: GETATTR READDIRPLUS etc procedures. These permissions may differ from the NFS permissions which are defined in the /etc/exports, so even if you can mount an export as uid 1000 and the GETATTR shows that uid 1000 has read/write access you can't modify the system if it is exported ro (readonly) by NFS exportfs. To determine the current access rights of the user who mounted the remote NFS export point we must use the ACCESS procedure coupled with a bit mask of the permissions to check. The current script takes two arguments: nfs-ls.maxfiles: takes a number to limit the amount of file listing. nfs-ls.mactime: "m" or "a" or "c" one of the mactimes to use in the output. So any feedbacks about the output (remove uid or gid) or if you can propose a better output, or a better methode/trick to perform some of the NFS scans, pls speak up. Keep in mind that this script is for discovery, perhaps we'll have another intrusive NFS script to find files by permissions, write issues etc. thx.
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
-- tixxdz _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r17816 - nmap-exp/djalal/scripts Fyodor (Jun 07)
- Re: [NSE] nfs-ls script feedbacks, was: [nmap-svn] r17816 - nmap-exp/djalal/scripts Djalal Harouni (Jun 10)
- Re: [NSE] nfs-ls script feedbacks, was: [nmap-svn] r17816 - nmap-exp/djalal/scripts Richard Miles (Jun 10)
- Re: [NSE] nfs-ls script feedbacks, was: [nmap-svn] r17816 - nmap-exp/djalal/scripts Djalal Harouni (Jun 12)
- Re: [NSE] nfs-ls script feedbacks, was: [nmap-svn] r17816 - nmap-exp/djalal/scripts Patrik Karlsson (Jun 12)
- Re: [NSE] nfs-ls script feedbacks Djalal Harouni (Jun 13)
- Re: [NSE] nfs-ls script new version Djalal Harouni (Jun 29)
- Re: [NSE] nfs-ls script feedbacks, was: [nmap-svn] r17816 - nmap-exp/djalal/scripts Richard Miles (Jun 10)
- Re: [NSE] nfs-ls script feedbacks, was: [nmap-svn] r17816 - nmap-exp/djalal/scripts Djalal Harouni (Jun 10)