Nmap Development mailing list archives
Re: BackOrifice service probe
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Wed, 20 Apr 2011 01:46:03 +0200
Hi, thanks for the reply.

> Thank you Gorjan, I have added this new probe. The match line skips 9 bytes. The first four bytes are a length and the next four are an ID. The ninth is an operation type--shouldn't we include that as part of the match? What is that byte in the response that your server sends?
The usage of that byte when a command is sent from the client is to specify command type (ex. ping, process kill, process list, etc). According to the client source, when a packet is sent from the server as a reply, the type is only used to define whether the packet is a single packet or a stream of multiple packets. The probe sends a PING_TYPE packet, and the reply is nothing else but a single packet. However, since I have no access to the server source code I cannot reliably say whether the type that the server returns isn't combined with some other info, so I chose not to rely on it for identification.
> If you have a good script, then we can replace this service probe with it.

I'll have the script soon.

Gorjan Petrovski

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
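To make the header layout discussed above concrete, here is an added example (not code from the thread or from Nmap) that parses the 9-byte reply header the way the probe treats it: four bytes of length, four bytes of ID, one type byte, then the body. It assumes little-endian fields and that the length field counts the whole packet including the header; neither detail is stated in the thread, and the sample packets are constructed, not captures.

```python
import struct

HEADER_LEN = 9  # 4-byte length + 4-byte ID + 1-byte type, as described in the thread
HEADER_FMT = "<IIB"  # little-endian is an assumption; the thread does not say


def parse_bo_reply(data: bytes):
    """Split a reply into header fields and body.

    Returns None when the reply is shorter than the header or when the
    length field disagrees with the number of bytes actually received
    (assumed: length covers the whole packet, header included).
    """
    if len(data) < HEADER_LEN:
        return None
    length, ident, ptype = struct.unpack_from(HEADER_FMT, data, 0)
    if length != len(data):
        return None
    return {"length": length, "id": ident, "type": ptype, "body": data[HEADER_LEN:]}


def probe_matches(data: bytes, expected_body: bytes) -> bool:
    """Mimic a match line that skips the 9 header bytes and matches on the body.

    The type byte is deliberately not part of the decision, mirroring the
    choice in the thread not to rely on it for identification.
    """
    parsed = parse_bo_reply(data)
    return parsed is not None and parsed["body"].startswith(expected_body)


def build_bo_reply(ident: int, ptype: int, body: bytes) -> bytes:
    """Build a constructed sample reply for the demo (not a captured packet)."""
    return struct.pack(HEADER_FMT, HEADER_LEN + len(body), ident, ptype) + body


# Constructed samples: two replies that differ only in the type byte both
# match, while a truncated reply fails the length-consistency check.
SAMPLE_BODY = b"constructed-ping-reply"
REPLY_SINGLE = build_bo_reply(0x1234, 0x01, SAMPLE_BODY)
REPLY_OTHER_TYPE = build_bo_reply(0x1234, 0x02, SAMPLE_BODY)
REPLY_TRUNCATED = REPLY_SINGLE[:-3]

if __name__ == "__main__":
    for name, pkt in [("single", REPLY_SINGLE), ("other type", REPLY_OTHER_TYPE),
                      ("truncated", REPLY_TRUNCATED)]:
        print(f"{name:10s} matches={probe_matches(pkt, SAMPLE_BODY)}")
```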