Nmap Development mailing list archives
Wai Tuck's GSOC status report #8 of 17
From: Wong Wai Tuck <wongwaituck () gmail com>
Date: Tue, 04 Jul 2017 06:55:38 +0000
Hey list, Accomplishments - Finished Puppet Script, made a PR - #928 [1] - Submitted a long email containing the details for the upcoming pwdprofile integration with unpwdb and pwdmangle, you can check it out here [2] and comment on it if you haven't seen it already! - Added file verification functionality to see if the correct file was included for the lfi checks in exploit.lua Priorities - Add more file signatures to the file verification functionality - Start work on pwdprofile and pwdmangle once feedback from the community is received - Explore adding XSS payloads and SQL payloads into exploit.lua - Write an exploit script (I have a bunch of ASUS routers and am looking at CVE-2017-6548 [3] now) [1]: https://github.com/nmap/nmap/pull/928 [2]: http://seclists.org/nmap-dev/2017/q3/0 [3]: https://www.exploit-db.com/exploits/41573/ Thanks! Wai Tuck On Tue, Jun 27, 2017 at 4:23 AM Wong Wai Tuck <wongwaituck () gmail com> wrote:
Hey all! I have received some feedback for exploit.lua and have looked at several scripts and now I have a much clearer idea of what to write in the coming weeks. This week has been productive and I had a lot of great fun working with Puppet! Accomplishments - Wrote and committed http-vuln-cve2017-8917.nse as of revision 36825. - Wrote a script to detect the naive signing misconfiguration in Puppet servers - Wrote some improvements for http-passwd, waiting for mentor's feedback Priorities - Complete Puppet misconfiguration script - Complete http-passwd improvements - Continue development of exploit.lua - Start work on password profiling and password mangling With Regards Wai Tuck
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Wai Tuck's GSOC status report #8 of 17 Wong Wai Tuck (Jul 03)
- Wai Tuck's GSOC status report #9 of 17 Wong Wai Tuck (Jul 10)