Nmap Development mailing list archives
Re: [NSE] Detection of ProFTPD backdoor
From: David Fifield <david () bamsoftware com>
Date: Mon, 6 Dec 2010 16:25:17 -0800
On Mon, Dec 06, 2010 at 05:16:06PM -0600, Mak Kolybabi wrote:
> I've attached a script to detect the ProFTPD backdoor. I submit it here for (hopefully) inclusion into Nmap. I have tested it both on a backdoored, and a non-backdoored version of ProFTPD 1.3.3c. Comments, concerns, criticism, and testing are appreciated.
Awesome, Mak! This one had been on my mind since I saw it in the new VA modules listing a few days ago. It's pretty simple and looks correct to me so I've added it. I changed the name from proftpd-backdoor to ftp-proftpd-backdoor to match the pattern that's been established with irc-unrealircd-backdoor.
> -- Check version.
> if not resp:match("ProFTPD 1.3.3c") then
>   stdnse.print_debug(1, "This version is not known to be backdoored.")
>   return
> end
I guess this could also happen in the portrule instead of the action, but that would require version detection to be run every time.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
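The trade-off raised in the reply above, as an added example that is not part of the original message or of the submitted script: the same version gate written once against `port.version` (the table NSE fills in only when version detection was run) and once against the FTP greeting read in the action. The function names, sample port tables and banners are constructed for illustration, and the code runs under plain Lua without Nmap.

```lua
-- Added example: two places the "is this ProFTPD 1.3.3c?" gate can live.
-- All sample data below is constructed.
local PRODUCT, VERSION = "ProFTPD", "1.3.3c"

-- Portrule-style gate: decides from port.version, which is only
-- populated when service/version detection (-sV) has been run.
local function gate_in_portrule(host, port)
  local v = port.version
  if not v or not v.product then
    return false          -- no -sV data: the script would never be scheduled
  end
  return v.product == PRODUCT and v.version == VERSION
end

-- Action-style gate: decides from the greeting the script reads itself.
-- Plain find (4th argument true) keeps "." from acting as a wildcard.
local function gate_in_action(banner)
  if not banner then return false end
  return banner:find(PRODUCT .. " " .. VERSION, 1, true) ~= nil
end

-- Constructed cases: port table as NSE would pass it, plus the greeting.
local cases = {
  { name = "-sV run, 1.3.3c",
    port = { number = 21, version = { product = "ProFTPD", version = "1.3.3c" } },
    banner = "220 ProFTPD 1.3.3c Server (ftp.example.test) [192.0.2.10]" },
  { name = "no -sV, 1.3.3c",
    port = { number = 21, version = {} },
    banner = "220 ProFTPD 1.3.3c Server (ftp.example.test) [192.0.2.10]" },
  { name = "-sV run, other version",
    port = { number = 21, version = { product = "ProFTPD", version = "1.3.3d" } },
    banner = "220 ProFTPD 1.3.3d Server (ftp.example.test) [192.0.2.11]" },
  { name = "no -sV, greeting without version",
    port = { number = 21, version = {} },
    banner = "220 FTP server ready" },
}

for _, c in ipairs(cases) do
  print(string.format("%-34s portrule=%-5s action=%s", c.name,
    tostring(gate_in_portrule(nil, c.port)),
    tostring(gate_in_action(c.banner))))
end
```

The second case is the one the reply is about: without version detection the portrule gate skips a host that the greeting check in the action would still flag. The last case shows the limit of the greeting check, which sees nothing when the banner does not carry the version string.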