Nmap Development mailing list archives

Re: NSE / nsock library questions


From: "Eddie Bell" <ejlbell () gmail com>
Date: Thu, 22 May 2008 22:06:18 +0100

I remember this coming up before,

http://seclists.org/nmap-dev/2007/q2/0319.html

As Doug points out, it is possible, but it will play havoc with the parallelization.

- eddie

2008/5/22 Thomas Buchanan <TBuchanan () thecompassgrp net>:
I'll pose the questions first, and then provide a little background in
case it helps.

1.  Does NSE or nsock allow you to create and open a socket for
(inbound) listening, rather than for (outbound) connections?

2.  Does NSE allow you to specify the originating port or port range
that you would like to use for sockets?  More specifically, can I tell
it that the outbound connection needs to originate from a "privileged"
port (<1023)?

Here's the background: I'm looking into creating an NSE script to
extract information from hosts running the rshd (remote shell) service.
If I understand the protocol correctly, the client system opens a
connection to the rshd service (must be from a privileged port) and
sends a null-terminated ASCII string.  This string is interpreted by the
server as a port number on the client system, to which the server will
attempt a connection (this is why I need to create a listening port).
This port must also be a privileged port.  The client then sends the
user and command information over the first established connection,
while the server sends responses back over the second established
connection.

I can't see any way to accomplish this using the current set of
NSE/nsock functionality, and I'm afraid I'm not too keen to dig into raw
sockets / pcap unless I absolutely have to.

Are there any other situations where it might be of value to be able to
create listening sockets?  Given the recent discussion about Nessus, and
the expressed interest in building Nmap's profile in the vulnerability
scanning field, I wonder if this functionality might be helpful to
others as well.

Thanks,

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


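The two-connection rsh handshake described in the quoted message, as an added Python example (not code from this thread or from Nmap): a mock rshd and client run against each other over loopback. The framing follows BSD rshd (callback port, then local user, remote user and command, each NUL-terminated; a NUL status byte and stdout come back on the first connection, stderr on the callback), and the source-port test is the check that ordinary NSE sockets cannot satisfy. Assumptions: ephemeral loopback ports stand in for privileged ones (binding below 1024 needs root), so require_privileged is off by default and the server is shown refusing when it is on; the command output is a constructed string and nothing is executed.

```python
import socket
import threading

PRIVILEGED_MAX = 1023  # BSD rshd trusts a client only if its source port is below 1024

def build_request(callback_port, local_user, remote_user, command):
    # Client request: callback port, then three fields, each NUL-terminated.
    return b"".join(f"{v}\0".encode() for v in (callback_port, local_user, remote_user, command))

def parse_request(data):
    # Server side: split the four NUL-terminated fields; port 0 means no callback channel.
    parts = data.split(b"\0")
    if len(parts) != 5 or parts[4] != b"":
        raise ValueError("malformed rsh request")
    port = int(parts[0])
    if not 0 <= port <= 65535:
        raise ValueError("callback port out of range")
    return port, parts[1].decode(), parts[2].decode(), parts[3].decode()

def serve_once(listener, require_privileged):
    # Mock rshd: accept one client, connect back to its callback port, answer on both channels.
    conn, (peer_ip, peer_port) = listener.accept()
    with conn:
        if require_privileged and peer_port > PRIVILEGED_MAX:
            conn.sendall(b"\x01Permission denied.\n")  # non-NUL status byte means refusal
            return None
        port, luser, ruser, cmd = parse_request(conn.recv(4096))
        with socket.create_connection((peer_ip, port)) as err_chan:
            conn.sendall(b"\0" + f"mock output of {cmd}\n".encode())  # NUL status, then stdout
            err_chan.sendall(b"mock stderr\n")  # diagnostics travel on the callback channel
        return luser, ruser, cmd

def listening_socket():
    sock = socket.socket()
    sock.bind(("127.0.0.1", 0))  # ephemeral port; binding below 1024 would need root
    sock.listen(1)
    return sock

def run_exchange(require_privileged=False):
    # Drive both sides over loopback; returns (status byte, text after it, stderr, request seen).
    seen = {}
    with listening_socket() as listener, listening_socket() as callback:
        server = threading.Thread(target=lambda: seen.update(req=serve_once(listener, require_privileged)))
        server.start()
        with socket.create_connection(listener.getsockname()) as primary:
            primary.sendall(build_request(callback.getsockname()[1], "alice", "alice", "uptime"))
            status, text = primary.recv(1), primary.recv(4096)  # NUL + stdout, or refusal + reason
            err = callback.accept()[0].recv(4096) if status == b"\0" else b""
        server.join()
        return status, text, err, seen["req"]
```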

