Nmap Development mailing list archives
Re: GSoC 2012 Project - Vulnerability and exploitation specialist
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Thu, 29 Mar 2012 18:18:04 +0200
I've been meaning to ask about that. I am not sure if that check (check if that is really RDP we are talking to) is really necessary?
From the testing for vulnerability point of view, it's not.
Doesn't nmap already fingerprint the port? And apparently some versions of RDP return different results there. I'll try to drop that check and test the script and will send you a patch if it works.

Regards,
Aleksandar

On Thu, Mar 29, 2012 at 1:44 PM, Djalal Harouni <tixxdz () opendz org> wrote:
> On Wed, Mar 28, 2012 at 10:38:00PM -0700, David Fifield wrote:
>> If the script finds a service that is not RDP, it marks it NOT_VULN. Is that the convention in other scripts? It seems like it should simply leave it unset in this case, because we really don't have positive confirmation that the vulnerability is not present. We have roughly the same level of knowledge as if the script had not been run.
>
> NOT_VULN should only be set if we are sure that it's not vulnerable. From the doc: "NOT_VULN: The program was confirmed to be not vulnerable."
>
> I've attached a small patch; David, please check it (I don't have a test machine).
>
> Currently the behaviour of the vulns.lua library IIRC is: if the state is not set correctly then entries will be ignored with a debug message. make_output() will always terminate with:
>
>   return stdnse.format_output(true, output)
>
> or
>
>   return nil -- no entries
>
> What other scripts do (at least the ones I've written):
>
>   local status, err = check_service(ftp_opts = {vuln,...})
>   if not status then
>     stdnse.print_debug(1, "%s: %s", SCRIPT_NAME, err)
>     return nil
>   end
>   return report:make_output(ftp_opts.vuln)
>   end of script
>
> check_service() will return false if it's not the correct service or if there was a network error, otherwise it will always return true.
>
> check_service() algo:
>
> 1) If it is not the correct service: check_service() will return false and later terminate the script with this:
>
>   if not status then
>     stdnse.print_debug(1, "%s: %s", SCRIPT_NAME, err)
>     return nil -- terminate the script
>   end
>
> 2) It's the right service: check_service() checks the version or any returned bytes, or goes to (3):
>
>   vuln.state = vulns.STATE.NOT_VULN
>   or
>   vuln.state = vulns.STATE.LIKELY_VULN
>
> Now it depends on user choice and exploitability of the vulnerability or ... check_service() will return true, or continue and force the check and go to (3).
>
> 3) Do the final check (or force the final check) and confirm:
>
>   vuln.state = vulns.STATE.NOT_VULN
>   or
>   vuln.state = vulns.STATE.VULN
>   or
>   vuln.state = vulns.STATE.EXPLOIT
>   or
>   vuln.state = vulns.STATE.DoS
>
> At this point check_service() will return true unless there was a network error ...
>
> I think that this can be a good standard and it will save time; all my scripts do the same (hope they are correct :) ). Check ftp-vuln-cve2010-4221.nse ...
>
> Thanks.
>
> --
> tixxdz
> http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
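The check_service() convention Djalal describes, written out as an NSE script skeleton; this is an added example, not code from this thread or from any shipped Nmap script. The probe bytes, reply prefix, version pattern and fixed version are constructed placeholders rather than an RDP handshake, and the definitive step-3 check is left out: the point is which return values set a state and which leave it unset so that action() prints nothing.

```lua
local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"
local vulns     = require "vulns"
description = "Skeleton showing the check_service() state convention."
categories = {"vuln", "safe"}
portrule = shortport.port_or_service(3389, "ms-wbt-server")
-- Hypothetical protocol details (constructed, not a real RDP handshake):
-- a probe, the reply prefix that proves we reached the expected service,
-- a banner pattern carrying major.minor, and the first fixed version.
local PROBE, EXPECTED_PREFIX, VERSION_PAT = "HELLO\r\n", "SVC", "SVC/(%d+)%.(%d+)"
local FIXED_VERSION = 6 * 1000 + 1  -- 6.1, encoded as major*1000+minor
-- Returns true once vuln.state is set, else false plus a reason (wrong
-- service or network error) so the caller leaves the state unset.
local function check_service(host, port, vuln)
  local socket = nmap.new_socket()
  socket:set_timeout(5000)
  local status, err = socket:connect(host, port)
  if not status then return false, "connect: " .. tostring(err) end
  status, err = socket:send(PROBE)
  if not status then socket:close(); return false, "send: " .. tostring(err) end
  local reply
  status, reply = socket:receive_lines(1)
  socket:close()
  if not status then return false, "recv: " .. tostring(reply) end
  -- Step 1: not the expected service, so no state at all.
  if reply:sub(1, #EXPECTED_PREFIX) ~= EXPECTED_PREFIX then
    return false, "not the expected service"
  end
  -- Step 2: a version at or past the fix is confirmed NOT_VULN.
  local major, minor = reply:match(VERSION_PAT)
  if major and tonumber(major) * 1000 + tonumber(minor) >= FIXED_VERSION then
    vuln.state = vulns.STATE.NOT_VULN
    return true
  end
  -- Older or unparsable version is only a hint: LIKELY_VULN, never VULN,
  -- because the definitive step-3 check is not performed in this skeleton.
  vuln.state = vulns.STATE.LIKELY_VULN
  return true
end
action = function(host, port)
  local vuln = { title = "Hypothetical example vulnerability", risk_factor = "High" }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)
  local status, err = check_service(host, port, vuln)
  if not status then
    stdnse.debug1("%s: %s", SCRIPT_NAME, err)  -- stdnse.print_debug(1, ...) in 2012
    return nil  -- nothing learned either way, so print nothing
  end
  return report:make_output(vuln)
end
```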