Nmap Development mailing list archives

Bug in anonFTP.nse


From: David Fifield <david () bamsoftware com>
Date: Tue, 3 Jun 2008 15:36:48 -0600

Hi,

Sometimes the anonFTP.nse script fails because it sometimes reads more
than one line at a time and misses a status code. Here I have excerpted
the relevant parts of the --script-trace output.

$ nmap -p ftp --script anonFTP --script-trace target
SCRIPT ENGINE: TCP X.X.X.X:1289 > Y.Y.Y.Y:21 | CONNECT
NSOCK (0.2110s) Write request for 16 bytes to IOD #1 EID 19 [Y.Y.Y.Y:21]: USER anonymous..
NSOCK (0.2120s) Write request for 14 bytes to IOD #1 EID 27 [Y.Y.Y.Y:21]: PASS IEUser@..
NSOCK (0.2140s) Callback: READ SUCCESS for EID 34 [Y.Y.Y.Y:21] (20 bytes): 220 (vsFTPd 2.0.5)..
NSOCK (0.2140s) Callback: READ SUCCESS for EID 42 [Y.Y.Y.Y:21] (34 bytes): 331 Please specify the password...
NSOCK (0.2160s) Callback: READ SUCCESS for EID 50 [Y.Y.Y.Y:21] (23 bytes): 230 Login successful...
Interesting ports:
PORT   STATE SERVICE
21/tcp open  ftp
|_ Anonymous FTP: FTP: Anonymous login allowed

However if I change the scan a little,

$ nmap -p ftp,https -sC --script-trace
SCRIPT ENGINE: TCP X.X.X.X:2337 > Y.Y.Y.Y:21 | CONNECT
NSOCK (0.2870s) Write request for 16 bytes to IOD #1 EID 83 [Y.Y.Y.Y:21]: USER anonymous..
NSOCK (0.2900s) Write request for 14 bytes to IOD #1 EID 131 [Y.Y.Y.Y:21]: PASS IEUser@..
NSOCK (0.2980s) Callback: READ SUCCESS for EID 178 [Y.Y.Y.Y:21] (77 bytes): 220 (vsFTPd 2.0.5)..331 Please specify the password...230 Login successful...
Interesting ports:
PORT    STATE SERVICE
21/tcp  open  ftp
443/tcp open  https
|_ SSLv2: server still supports SSLv2
|_ HTML title: Site doesn't have a title.

Notice how all replies came back on one line, so the script didn't get
the /^230/ it was looking for.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
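
The failure described in the message above, as an added example that is not part of the original post or of Nmap's own code: a plain-Lua comparison of a per-read `^230` check with a reader that buffers received data and splits it on CRLF before looking at status codes. All function names are hypothetical, and the sample chunks are constructed from the reply text shown in the two traces.

```lua
-- Added example (not from anonFTP.nse); every name here is hypothetical.
-- Per-read check: only sees a 230 that starts a read.
local function naive_login_ok(chunks)
  for _, chunk in ipairs(chunks) do
    if chunk:match("^230") then return true end
  end
  return false
end

-- Reader that accumulates bytes and hands back complete CRLF-terminated lines.
local function new_reply_reader()
  local buf, reader = "", {}
  function reader.feed(chunk)
    buf = buf .. chunk
    local lines = {}
    while true do
      local s, e = buf:find("\r\n", 1, true)   -- plain find, no pattern
      if not s then break end                  -- keep the partial line for later
      lines[#lines + 1] = buf:sub(1, s - 1)
      buf = buf:sub(e + 1)
    end
    return lines
  end
  return reader
end

-- Line-based check: independent of how TCP grouped the replies.
local function buffered_login_ok(chunks)
  local reader = new_reply_reader()
  for _, chunk in ipairs(chunks) do
    for _, line in ipairs(reader.feed(chunk)) do
      -- "ddd " ends a reply; "ddd-" is a continuation line and is skipped.
      local code = line:match("^(%d%d%d) ")
      if code == "230" then return true end
      if code and code:match("^[45]") then return false end  -- e.g. 530
    end
  end
  return false
end

-- Constructed input: the three replies from the traces, grouped three ways.
local r220 = "220 (vsFTPd 2.0.5)\r\n"
local r331 = "331 Please specify the password.\r\n"
local r230 = "230 Login successful.\r\n"
local cases = {
  { "one reply per read", { r220, r331, r230 } },
  { "all in one read",    { r220 .. r331 .. r230 } },
  { "split mid-line",     { r220 .. "331 Please spec", "ify the password.\r\n23", "0 Login successful.\r\n" } },
}
for _, c in ipairs(cases) do
  print(c[1], "naive:", naive_login_ok(c[2]), "buffered:", buffered_login_ok(c[2]))
end
```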

