Nmap Development mailing list archives
Re: BackOrifice service probe
From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Apr 2011 19:30:07 -0700
On Thu, Apr 07, 2011 at 01:26:39AM +0200, Gorjan Petrovski wrote:
> I've attached a file containing the updated BackOrifice with much more information. I hope it's enough. I wasn't sure if I should include the information in the mail or in the file. I've set the match rule to recognize the server which I'm using at the moment. It uses the maximum available characters which can be reliably used and using those it recognizes version 1.20.
Thank you Gorjan, I have added this new probe. The match line skips 9 bytes. The first four bytes are a length and the next four are an ID. The ninth is an operation type--shouldn't we include that as part of the match? What is that byte in the response that your server sends?
> A script would be much more flexible, since we could decrypt the whole packages and get the hostname too which is included in the ping reply. What do you guys think, should we use a script instead?
If you have a good script, then we can replace this service probe with it.

David Fifield
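As an added illustration of the header layout David describes (4-byte length, 4-byte ID, 1-byte operation type, then the data, with the hostname carried in a ping reply), here is a small parser and a match check that includes the type byte instead of skipping all nine header bytes. This is example code, not part of the thread, Nmap, or the BackOrifice software; it assumes little-endian fields, a NUL-terminated hostname, and operates on an already-decrypted packet (the ID and type values below are constructed placeholders, not real protocol constants).

```python
import struct

# Header layout as described in the thread: 4-byte length, 4-byte ID,
# 1-byte operation type, then the payload. Little-endian byte order is an
# assumption made here; the thread does not state it.
HEADER = struct.Struct("<IIB")


def parse_bo_packet(data: bytes) -> dict:
    """Split one decrypted packet into its header fields and payload.

    Raises ValueError when the packet is shorter than the header or when the
    length field disagrees with the number of bytes actually received, so a
    truncated or padded datagram is never mistaken for a valid reply.
    """
    if len(data) < HEADER.size:
        raise ValueError(f"packet too short: {len(data)} bytes")
    length, packet_id, op_type = HEADER.unpack_from(data)
    if length != len(data):
        raise ValueError(f"length field {length} != received {len(data)}")
    return {"length": length, "id": packet_id, "type": op_type,
            "payload": data[HEADER.size:]}


def hostname_from_ping_reply(pkt: dict) -> str:
    """Return the hostname text in a ping reply payload (NUL-terminated, assumed ASCII)."""
    raw = pkt["payload"].split(b"\x00", 1)[0]
    return raw.decode("ascii", errors="replace")


def header_matches(data: bytes, expected_id: int, expected_type: int) -> bool:
    """Match on the ID *and* the operation type byte, as suggested in the thread,
    rather than skipping the whole nine-byte header."""
    try:
        pkt = parse_bo_packet(data)
    except ValueError:
        return False
    return pkt["id"] == expected_id and pkt["type"] == expected_type


def build_packet(packet_id: int, op_type: int, payload: bytes) -> bytes:
    """Constructed test helper: assemble a packet with a correct length field."""
    return HEADER.pack(HEADER.size + len(payload), packet_id, op_type) + payload


# Constructed sample: a decrypted ping reply announcing hostname "WORKSTATION1".
# The ID (0x1A97A7) and type (0x01) are placeholders, not real BackOrifice values.
SAMPLE_REPLY = build_packet(0x1A97A7, 0x01, b"WORKSTATION1\x00")
```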