Nmap Development mailing list archives
Re: [RFC] Default NSE Scripts
From: "Kris Katterjohn" <katterjohn () gmail com>
Date: Sat, 10 May 2008 23:53:38 +0530
On 5/10/08, Fyodor <fyodor () insecure org> wrote:
> On Sat, May 10, 2008 at 03:53:43AM +0000, Brandon Enright wrote:
> > A few comments about your list below.
>
> Thanks Brandon, this is useful stuff!

Indeed--thanks, Brandon!

> > * mswindowsShell - "backdoor"
> >
> > Hmm, I'm not sure why this script even exists. In my experience, Windows shells are rarely on port 8888; 4444 and 44444 are much more common. Also, the script doesn't do anything that the -sV NULL probe can't match. This script should probably be demo only.
>
> Good point. In fact, we already have such a version detection probe:
>
> match winshell m/^Microsoft Windows ((2000)|(XP)|(NT 4\.0)) \[Version ([\d.]+)\]\r\n\(C\) Copyright 1985-20\d\d Microsoft Corp\.\r\n\r\n/ p/Microsoft Windows $1 $5 cmd.exe/ o/Windows/ i/**BACKDOOR**/
>
> Removing this script sounds like the way to go, though making it demo-only is a reasonable alternative.

I'll put the script in "demo" when I start back working probably later tonight (or remove it altogether if desired).

> > * RealVNC_auth_bypass - "backdoor"
> >
> > This script should be in the default category. It is no more harmful than the SSHv1 test. It doesn't exploit any buffer or anything else of that nature. It also doesn't complete the login sequence like the anonFTP script. It simply checks to see if the VNC server supports the NULL authentication option.
>
> Sounds like a good argument to me.

Sounds good to me, too. I'll add that to the default list.

> Cheers,
> -F

Thanks,
Kris Katterjohn

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
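Added example (not part of the original message and not Nmap's own code): a small Python reader for the "match winshell" directive quoted in the thread, applied to a constructed banner, showing that the match depends on what the service sends and not on the port it listens on. The parser is a simplification of the nmap-service-probes match syntax, and the function names and sample banner are assumptions made for the illustration.

```python
import re

# The match directive exactly as quoted in the thread.
MATCH_LINE = (r"match winshell m/^Microsoft Windows ((2000)|(XP)|(NT 4\.0)) "
              r"\[Version ([\d.]+)\]\r\n\(C\) Copyright 1985-20\d\d Microsoft Corp\."
              r"\r\n\r\n/ p/Microsoft Windows $1 $5 cmd.exe/ o/Windows/ i/**BACKDOOR**/")

# Constructed sample: what a cmd.exe bound to a TCP socket sends unprompted,
# i.e. the data the NULL probe (connect and listen, send nothing) collects.
BANNER = ("Microsoft Windows XP [Version 5.1.2600]\r\n"
          "(C) Copyright 1985-2001 Microsoft Corp.\r\n\r\nC:\\WINDOWS\\system32>")


def parse_match(line):
    """Split 'match <service> m<d>regex<d>[flags] <field><d>template<d> ...'."""
    head = re.match(r"match (\S+) m(.)", line)
    service, delim = head.groups()
    end = line.index(delim, head.end())            # closing regex delimiter
    pattern = line[head.end():end]
    tail = re.match(r"([is]*)\s*(.*)", line[end + 1:], re.S)
    flags = 0
    if "i" in tail.group(1):
        flags |= re.I                              # case-insensitive match
    if "s" in tail.group(1):
        flags |= re.S                              # '.' also matches newlines
    # Version-info fields: p=product, v=version, i=info, h=host, o=OS, d=device.
    fields = {k: v for k, _d, v in
              re.findall(r"([pvihod])(.)(.*?)\2", tail.group(2))}
    return service, re.compile(pattern, flags), fields


def identify(banner, line=MATCH_LINE):
    """Return the filled-in version fields, or None if the banner does not match."""
    service, regex, fields = parse_match(line)
    m = regex.search(banner)
    if m is None:
        return None
    # $N in a template is replaced by capture group N of the match.
    fill = lambda t: re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", t)
    return {"service": service, **{k: fill(v) for k, v in fields.items()}}


if __name__ == "__main__":
    print(identify(BANNER))
    print(identify("SSH-2.0-OpenSSH_4.7\r\n"))     # constructed non-matching banner
```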