Wai Tuck's GSOC status report #10 of 17

[Wong Wai Tuck <wongwaituck () gmail com>]

Hey all!

Accomplishments
- Set up an OS X box to test LFI library, wanted to test with a bunch of
real Mac OS X's but I did not manage to scan it in school...
- Started refactoring scripts for inclusion with the exploit library pull
request, the refactoring for get_script_args is done, for the following
scripts:
ftp-proftpd-backdoor.nse
ftp-vsftpd-backdoor.nse
jdwp-exec.nse
irc-unrealircd-backdoor.nse
http-vuln-cve2012-1823.nse
http-vuln-cve2014-8877.nse
http-vuln-cve2014-3704.nse
- Started refactoring for the LFI checking but still takes time, as I
encountered an issue with support for POST support (particularly with the
script http-phpmyadmin-dir-traversal.nse
<https://svn.nmap.org/nmap/scripts/http-phpmyadmin-dir-traversal.nse>) and
am currently implementing a workaround to support more general requests.

Priorities
- Finish up refactoring for LFI
- Write exploit script CVE-2017-6548
- Start work on pwdprofile

With Regards
Wai Tuck

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/