Nmap Development mailing list archives
Re: Regarding VMWare and OpenSSH vulns
From: stripes <stripes () tigerlair com>
Date: Sat, 23 Jun 2012 16:46:16 -0400
Thanks for doing this. Kinda got caught up at work and couldn't attend the last meeting. [deletia]
> I've looked into metasploit's vmware scripts, and only two pre-auth scripts are vmauth brute, which we already have, and ESX fingerprinting which I've discussed above. I must say that I'm somewhat disappointed as I can't say that any of these vulns would be suitable for NSE scripts. Maybe the original author of the idea on the ScriptIdeas page has some further ideas?
That would be me. Unfortunately, no. I thought more of them would be remotely exploitable or easier to detect :(
> There is really only one problem here. There weren't that many OpenSSH vulns in the past 10 years. Only vuln I could find that might be suitable for NSE script and wasn't more than 10 years old was Tavis Ormandy's CRC DoS vuln from 2006 which would very well be detected by version matching. Believe me, I am as sad as you are that there are no more OpenSSH vulns... Again, if the original idea author has some specific ideas, please share.
I guess I'll go back to testing and see what other ideas. If nothing looks like it'll work for SSH or VMware, feel free to nix them. Figured it was worth a shot, but thanks for checking. My thoughts were that even with the older vulns, there are still people running SSH implementations that are version 1, but we fingerprint those in Nmap already--so there's probably no point to try to check for the CRC-32.

-Anne

--
If you don't know there's a trampoline in the room, you're not going to dust the ceiling for fingerprints. -Law & Order:SVU

_______________________________________________
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
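The version-matching check the thread settles on (flagging hosts whose SSH banner still offers protocol 1 or an old OpenSSH release), as an added example that is neither Nmap's own code nor from this thread. The banners are constructed samples and the OpenSSH cut-off is a placeholder parameter, not a value taken from the discussion.

```python
import re

# Constructed sample banners for the demo; not captured from any real host.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1",
    "SSH-1.99-OpenSSH_3.9p1",
    "SSH-1.5-OpenSSH_2.9p2",
    "SSH-2.0-dropbear_2012.55",
    "not an ssh banner",
]

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?:\s+(?P<comment>.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

# Placeholder cut-off (assumption, not from the thread): OpenSSH releases below it are reported.
OLD_OPENSSH = (4, 4, 0)

def parse_banner(line):
    """Split an identification string into proto, software and comment; None if malformed."""
    m = BANNER_RE.match(line.strip())
    return m.groupdict() if m else None

def offers_ssh1(proto):
    """'1.x' means protocol 1 only; '1.99' means the server also accepts protocol 1 clients."""
    return proto.startswith("1.")

def openssh_version(software):
    """Return (major, minor, portable) for OpenSSH_x.y[pN], or None for other software."""
    m = OPENSSH_RE.match(software)
    return tuple(int(x) for x in m.groups(default="0")) if m else None

def assess(banner, older_than=OLD_OPENSSH):
    """Return a list of findings for one banner ([] if clean), or None if it did not parse."""
    parsed = parse_banner(banner)
    if parsed is None:
        return None
    findings = []
    if offers_ssh1(parsed["proto"]):
        findings.append("offers SSH protocol 1 (identification %s)" % parsed["proto"])
    ver = openssh_version(parsed["software"])
    if ver is not None and ver < older_than:
        findings.append("%s is older than %d.%dp%d" % ((parsed["software"],) + older_than))
    return findings

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print("%-40s -> %s" % (b, assess(b)))
```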