Nmap Development mailing list archives
Re: Jiayi's Status Report - #17 of 17
From: Fyodor <fyodor () nmap org>
Date: Mon, 14 Sep 2015 13:22:36 -0700
On Sun, Aug 23, 2015 at 6:03 PM, Jiayi Ye <yejiayily () gmail com> wrote:
> It was great to take part in GSoC. It was a fun summer.
Thanks Jiayi. We all enjoyed working with you too!
> Here is what I accomplished and what I will do next.
This is a great summary and helps us in trying to make sure that as much as possible can be integrated into the Nmap trunk where it can benefit millions of Nmap users. Regarding that:
> * Tor-consensus-check (NEW): This script works by using
I think this one is already all integrated!
> * smtp-vuln-cve2015-0235 (NEW): This script checks for and/or exploits a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems (CVE-2015-0235) that run the Exim mail server. I finished the detection part to report CVE-2015-0235 in the Exim mail server. Besides that, I wrote the information-leak part, but I failed to perform successful exploitation in my vulnerability environment.
How about removing the (not fully working) exploitation part and then checking in just the version of the script which does the vuln check? And then you could integrate the rest if and when it's working?
> * vulscan (UPDATE): This script attempts to discover vulnerabilities by matching information from the version detection engine with databases such as CVE, ExploitDB and Scipvuldb. I updated the script in the following aspects.
I haven't looked at this one real closely yet.
> * http-vuln-cve2015-1635 (UPDATE): This script checks for a remote code execution vulnerability (MS15-034) in Microsoft Windows systems (CVE-2015-1635). I also updated http-vuln-cve2015-1635 to perform reliable information disclosure by trying different byte ranges.
Great. If you and Paulino agree that this is ready to check in, please do so.
> * smb-check-vulns.nse (UPDATE): I split the script into six scripts (https://github.com/nmap/nmap/issues/171) and ported these vulnerability scripts to the vulns library. Besides that, I set up a vulnerability environment for each of them and tested the split scripts in the different vuln environments.
Nice! Dan was telling me how valuable he thought this sort of reorganization would be. I think he's going to take a look at it and provide feedback.
> NSELIB:
> * I spent a fair amount of time on implementing functionality related to the SMB2 protocol. At first I wrote a separate lib named smb2.lua. Then I combined smb2.lua with the current smb.lua.
This may actually turn out to be the most valuable of all your contributions this summer. Neither Dan nor I have very much SMB2 expertise, but Dan said he'd at least take a look soon. It's of course encouraging that you've tested it on both Windows and Samba SMB servers. This is a lot of good stuff and I just want to make sure that as much as possible can make that final but crucial Nmap integration step.

Cheers,
Fyodor
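The shape Fyodor is asking for above, a vuln-check-only NSE script that reports through the vulns library rather than carrying a half-working exploit, as an added illustration that is not part of this thread and not the Nmap project's own http-vuln-cve2015-1635 or smtp-vuln-cve2015-0235 script. It uses the MS15-034 detection that is safe to ship: send one request with an oversized Range header and read the status code. The helper name `classify`, the author string and the `.uri` script argument are assumptions made for the example; `http`, `shortport`, `stdnse` and `vulns` are the real nselib modules.

```lua
-- Added example, not a script from the Nmap tree: a detection-only
-- vuln script built on the vulns library, in the form Fyodor asks for.
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local vulns = require "vulns"

description = [[
Checks whether an HTTP.sys (IIS) server accepts an oversized Range header,
the behaviour that distinguishes hosts unpatched for MS15-034 (CVE-2015-1635).
Detection only: no memory is read back and no crash is triggered.
]]

author = "example author (assumed name, not an Nmap contributor)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}

portrule = shortport.http

-- The probe: a Range whose upper bound is 2^64-1. Unpatched HTTP.sys parses it
-- and answers 416 (Requested Range Not Satisfiable); patched builds reject the
-- header with 400 before any range arithmetic happens.
local PROBE_RANGE = "bytes=0-18446744073709551615"

-- classify (hypothetical helper): map the probe's status code to a vulns state.
-- Anything other than 416/400 (a non-HTTP.sys server, a proxy, a timeout) is
-- reported as UNKNOWN rather than guessed, so the script never over-claims.
local function classify(status)
  if status == 416 then
    return vulns.STATE.VULN
  elseif status == 400 then
    return vulns.STATE.NOT_VULN
  end
  return vulns.STATE.UNKNOWN
end

action = function(host, port)
  -- Script argument name is an assumption for this example.
  local uri = stdnse.get_script_args(SCRIPT_NAME .. ".uri") or "/"

  local vuln = {
    title = "Remote Code Execution in HTTP.sys (MS15-034)",
    IDS = {CVE = "CVE-2015-1635"},
    state = vulns.STATE.NOT_VULN,
    description = [[
A range-handling flaw in HTTP.sys allows a crafted Range header to crash or
execute code on unpatched Windows systems that serve HTTP through HTTP.sys.
    ]],
    references = {
      "https://technet.microsoft.com/library/security/MS15-034",
    },
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  -- One request with the oversized Range; the status code is the whole signal.
  local resp = http.get(host, port, uri, { header = { ["Range"] = PROBE_RANGE } })
  if not resp or not resp.status then
    stdnse.debug1("no response to the Range probe on %s", uri)
    return nil
  end

  vuln.state = classify(resp.status)
  -- make_output prints nothing for NOT_VULN unless vulns.showall is set,
  -- which is the standard vulns-library behaviour for vuln scripts.
  return report:make_output(vuln)
end
```

Run it as `nmap -p80 --script <name>.nse <target>`; pass `--script-args <name>.uri=/path` to probe a path other than `/`. The point of the split Fyodor proposes is visible in the structure: everything that touches the target is one safe request, so the script can sit in the `safe` category, and any exploitation or information-leak code can be added later as a separate, `intrusive`-categorised script without holding up the check.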
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- Jiayi's Status Report - #17 of 17 Jiayi Ye (Aug 23)
- Re: Jiayi's Status Report - #17 of 17 Fyodor (Sep 14)
- Re: Jiayi's Status Report - #17 of 17 Paulino Calderon (Sep 14)
- Re: Jiayi's Status Report - #17 of 17 Daniel Miller (Sep 15)
- Re: Jiayi's Status Report - #17 of 17 Paulino Calderon (Sep 16)
- Re: Jiayi's Status Report - #17 of 17 Daniel Miller (Sep 16)
- Re: Jiayi's Status Report - #17 of 17 Paulino Calderon (Sep 25)
- Re: Jiayi's Status Report - #17 of 17 Paulino Calderon (Sep 14)
- Re: Jiayi's Status Report - #17 of 17 Fyodor (Sep 14)