Nmap Development mailing list archives
GSoC 2012 Project - Vulnerability and exploitation specialist
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 23 Mar 2012 22:36:06 +0100
Hi, I am Aleksandar Nikolic, a final year Computer Science student at Faculty Of Technical Sciences, University of Novi Sad. I have certain experience in vulnerability and exploit research, and would like to apply for a position of a Script developer- Vulnerability and exploitation specialist in the following Google Summer Of Code. Since student applications haven't started yet I won't talk a lot about myself now, but guidelines from Google suggest to try to contact the community and possibly discuss the project. In an attempt to prepare for the application and to get familiar with nmap's scripting engine I wrote a script to test for recent Windows RDP vulnerability. Everybody is talking about the vulnerability and until today I was unaware of a way to check if a machine is vulnerable or not without causing the BSoD. My script is based on work by sleepya . His tests are crafted in a way that would avoid triggering the BSoD. Please see the attached code for details. Of course, this script would need to be thoroughly tested, but my tests have shown that it works, at least on Windows XP. Also, I've just started playing with NSE and wanted to share this with you since it is a hot topic currently. Please let me know if I should make some improvements. I hope that you will find it useful. On topic, do you have any suggestions for me regarding the application for this position? Thank you, Aleksandar Nikolic
Attachment:
rdp-ms12-020.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- GSoC 2012 Project - Vulnerability and exploitation specialist Aleksandar Nikolic (Mar 23)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Toni Ruottu (Mar 23)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist David Fifield (Mar 23)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Aleksandar Nikolic (Mar 24)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Aleksandar Nikolic (Mar 25)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Djalal Harouni (Mar 26)
- Message not available
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Aleksandar Nikolic (Mar 26)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Djalal Harouni (Mar 26)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Aleksandar Nikolic (Mar 28)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist David Fifield (Mar 28)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Djalal Harouni (Mar 29)
- Re: GSoC 2012 Project - Vulnerability and exploitation specialist Aleksandar Nikolic (Mar 24)