Nmap Development mailing list archives
Re: backorifice-brute NSE script
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Wed, 4 May 2011 22:44:35 +0300
This problem is similar to something I encountered earlier. I felt I needed an assumptions system, so I could tell nmap "assume that this host is running BackOrifice on port 12300", which would mark that port as if it had backorifice, but the reason would be "assumed" until the fact had been confirmed by something else. Maybe one day we could have a system like that, but it requires careful design.

I think it would also be cool if scripts could mark their assumptions during a scan. For example, some script that accesses netstat remotely might be able to tell that "port 12300 probably has backorifice", and it would be cool if it could record this assumption, to trigger backorifice-brute against that port.

However, at the moment the correct way to do this is using shortport.port_or_service(31337, "BackOrifice","udp") just like you said, and if someone wishes to run the script against 12300, he needs to modify the port number in the script. This should be fairly easy for an experienced user. You do not need super user rights, as you can copy the script over to the working directory before you modify it.

On Wed, May 4, 2011 at 7:45 PM, Gorjan Petrovski <mogi57 () gmail com> wrote:
And since the service can be configured to run on any port, what kind of a rule should initiate this script? If I use shortport.port_or_service(31337, "BackOrifice","udp"), it won't be able to run on any port, and this script will be the main one to identify a BackOrifice service running on any port. The probe is no good, because it only works with default encryption (initial seed 31337) on port 31337.

On Wed, May 4, 2011 at 6:30 PM, Patrick Donnelly <batrick () batbytes com> wrote:

On Wed, May 4, 2011 at 9:11 AM, Gorjan Petrovski <mogi57 () gmail com> wrote:

Should a brute script update version info?

Probably not. I think backorifice-version would be more appropriate if possible.

So, with above answer in mind, should backorifice-brute update version info if it finds the password?

Yes, definitely. Thanks for explaining.

--
- Patrick Donnelly

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
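The trade-off discussed in this message, as an added example that is not part of the thread and is not the Nmap project's code: a portrule that keeps the quoted default but also accepts user-supplied UDP ports, so the script does not have to be edited to cover port 12300. The argument name `<script name>.ports` and the placeholder `action` are assumptions made for illustration.

```lua
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[Added example: selects UDP ports where BackOrifice is assumed.]]
categories = {"safe"}

-- Rule quoted in the thread: UDP 31337, or any port whose detected
-- service name is "BackOrifice".
local default_rule = shortport.port_or_service(31337, "BackOrifice", "udp")

-- Hypothetical script argument holding extra UDP ports. Nmap splits
-- --script-args on commas, so a list has to be passed as a table:
--   --script-args 'example.ports={12300,25252}'
-- A single port arrives as a plain string; both shapes are handled.
local function assumed_ports()
  local arg = stdnse.get_script_args(SCRIPT_NAME .. ".ports")
  local items = {}
  if type(arg) == "table" then
    items = arg
  elseif arg ~= nil then
    items = { arg }
  end
  local set = {}
  for _, item in ipairs(items) do
    local p = tonumber(item)
    -- Ignore anything that is not a valid port number.
    if p and p >= 1 and p <= 65535 and p == math.floor(p) then
      set[p] = true
    end
  end
  return set
end

portrule = function(host, port)
  if default_rule(host, port) then return true end
  -- User-supplied ports are only "assumed": require UDP and a state in
  -- which a UDP service could actually be listening.
  if port.protocol ~= "udp" then return false end
  if port.state ~= "open" and port.state ~= "open|filtered" then
    return false
  end
  return assumed_ports()[port.number] == true
end

-- Placeholder action: reports why the port was selected, nothing else.
action = function(host, port)
  if default_rule(host, port) then return "matched default rule" end
  return "matched assumed port supplied by the user"
end
```

The assumed ports only match if they are in the scanned set, so they still have to be included with `-sU -p`.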