Nmap Development mailing list archives
Re: GSoC 2011: NSE Script Development
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Wed, 6 Apr 2011 16:29:29 +0200
Hello,

I have a working backorifice-info script now, but there are a few details that need to be modified and for that I will need your help. Please find it in the attachment. Any and all comments and critiques are welcomed. I could supply a public virtual machine (with a limited bandwidth) with the service installed if needed.

A quick use command:

nmap -sn -Pn --script ./backorifice-info.nse --script-args 'backorifice-info.port=<port_number>,backorifice-info.password=<password>' <target>

The sample output is copied directly from console. As you can see the output is not formatted yet, however I've organized the script so that adding more commands, and formatting the output should be pretty simple (adding rows to the "cmds" table and a formatting function). I'm going to do this right after this mail is sent.

If there is no information about a certain category (ex. no plugins installed), should the script return no information at all in that category, or should it return info that there are no plugins installed?

The BackOrifice service listens on a UDP port and every packet is encrypted, even if a password is not supplied. The service is easily configurable to any port and any password, so the only way to reliably detect it would be to send an encrypted command with the correct password to the specific port. Currently the script gets the port number as an explicit argument and it just doesn't feel right. Having these things in mind, should I tie it to a portrule with the default port - 31337, as well as a hostrule? Should I tie it to OS detection? Which categories should I add it to?

I'll update the Script_Ideas page with the output as soon as I define it.

Cheers,
Gorjan

On Tue, Apr 5, 2011 at 4:04 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
> Thanks. I actually got it working with a small optimization before I checked my mail. Sorry for the fuss.
>
> On Tue, Apr 5, 2011 at 5:36 AM, David Fifield <david () bamsoftware com> wrote:
>> On Tue, Apr 05, 2011 at 04:31:20AM +0200, Gorjan Petrovski wrote:
>>> I'm currently implementing the encryption for the backorifice-info script, and I have a problem with the multiplication of numbers which are too large for lua. Is there currently a workaround for that kind of problem in Nmap, like lua-bc http://penlight.luaforge.net/packages/lbc.html , or should I just hack around some kind of multiplication function which will do the trick for me?
>>
>> There are bignum routines in the openssl library. Unfortunately I don't see a multiply function, but that's probably because we just haven't defined a binding to it. So I would say, see if you can add a binding in nse_openssl.cc (you can probably mostly copy the l_bignum_add function).
>>
>> David Fifield
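The quoted exchange is about multiplying 32-bit values in NSE's Lua, whose numbers are IEEE doubles and only hold integers exactly up to 2^53. The following is an added example (not code from the thread or from the attached backorifice-info.nse) of the pure-Lua workaround Gorjan mentions as an alternative to an OpenSSL bignum binding: split each operand into 16-bit halves so that no intermediate product exceeds 2^48, then reduce modulo 2^32. The LCG constants 214013 and 2531011 are used here only as an illustrative 32-bit generator step; nothing on the page states which constants BackOrifice's keystream uses.

```lua
-- Added example: exact 32-bit modular multiplication in Lua 5.1 (no
-- integer type, no bit operators). All intermediate values stay below
-- 2^48, well inside the 53-bit exact range of a double.
local function mul32(a, b)
  a = a % 4294967296
  b = b % 4294967296
  local ah, al = math.floor(a / 65536), a % 65536
  local bh, bl = math.floor(b / 65536), b % 65536
  -- (ah*2^16 + al)(bh*2^16 + bl) mod 2^32
  --   = al*bl + ((ah*bl + al*bh) mod 2^16) * 2^16   (mod 2^32)
  -- The ah*bh*2^32 term vanishes modulo 2^32.
  local lo  = al * bl                       -- < 2^32
  local mid = (ah * bl + al * bh) % 65536   -- sum < 2^33 before reduction
  return (lo + mid * 65536) % 4294967296    -- < 2^33 before reduction
end

-- Added example: one step of a 32-bit linear congruential generator.
-- The multiplier/increment pair is an assumption for illustration only,
-- not a statement about BackOrifice's own cipher.
local function lcg_next(state)
  return (mul32(state, 214013) + 2531011) % 4294967296
end

-- Derive a byte of keystream from the generator state and XOR it into a
-- byte of plaintext; the same function decrypts because XOR is its own
-- inverse. Without bit operators, XOR is done bit by bit on the bytes.
local function xor8(x, y)
  local r, bit = 0, 1
  for _ = 1, 8 do
    local xb, yb = x % 2, y % 2
    if xb ~= yb then r = r + bit end
    x, y, bit = (x - xb) / 2, (y - yb) / 2, bit * 2
  end
  return r
end

local function crypt(seed, data)
  local out, state = {}, seed
  for i = 1, #data do
    state = lcg_next(state)
    local key = math.floor(state / 65536) % 256   -- take bits 16..23
    out[i] = string.char(xor8(data:byte(i), key))
  end
  return table.concat(out), state
end

-- Self-checks against hand-computed values:
assert(mul32(3, 4) == 12)
assert(mul32(4294967295, 4294967295) == 1)       -- (2^32-1)^2 mod 2^32
assert(mul32(65536, 65536) == 0)                 -- 2^32 mod 2^32
assert(mul32(4294967295, 214013) == 4294967296 - 214013)
assert(lcg_next(0) == 2531011)

-- Round trip on a constructed message with a constructed seed:
local plaintext = "constructed sample"
local ciphertext = crypt(0x1234abcd, plaintext)
assert(ciphertext ~= plaintext)
assert(crypt(0x1234abcd, ciphertext) == plaintext)
print("mul32 and LCG round trip OK")
```

The check `mul32(0xFFFFFFFF, 0xFFFFFFFF) == 1` is the one that a naive `(a * b) % 2^32` gets wrong in Lua 5.1, since 2^64 is far past the exact range of a double; splitting the operands is what keeps the result exact. If the OpenSSL bignum binding David describes is added to nse_openssl.cc instead, the same computation can be done with the library's arbitrary-precision routines and this helper becomes unnecessary.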
Attachment:
backorifice-info.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/