Nmap Development mailing list archives

Re: Ncrack discussion


From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Fri, 15 May 2009 00:42:21 +0300

jah wrote:
On 14/05/2009 21:27, ithilgore wrote:
However, using brackets will involve having to escape them in most shells. Since
we want to avoid that, another character might be more appropriate. What about
using slashes?
I suggested brackets because Nmap allows their use in port specification:
nmap -p [-1024]

It does, but that doesn't mean that it is safe to do so. Nmap's man page
mentions that:

"Ranges of ports can be surrounded by square brackets to indicate ports inside
that range that appear in nmap-services. For example, the following will scan
all ports in nmap-services equal to or below 1024: -p [-1024]. Be careful with
shell expansions and quote the argument to -p if unsure."

Brackets are used in most shells as character-class regular expression matchers.


to mean (in this case) TCP ports listed in nmap-services up to and
including port 1024. I wasn't aware that they might need to be escaped.
Slashes do indeed look ugly and it also looks like a path separator.
How about:

ncrack scanme.nmap.org<ftp:9000>

or perhaps not even enclosing the proto:port list:

ncrack scanme.nmap.org:21,22,ftp:9000 foo.bar.com:telnet:9000,ssh:9001

and maybe allow a few variations on the separator between the host and
its ports/services - such as : or + or % or @


Perhaps offering a few variations including / and < > is the way to go.
Brackets may also be supported but the user will be warned to escape them if
need be.

jah


-- ithilgore
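As an added illustration (not code from this thread or from Ncrack itself), here is a small parser for the host:port,service:port syntax proposed above, plus a check for the characters a shell rewrites before the program sees them, which is the concern raised about [-1024] and would apply to <ftp:9000> as well. The default-port table, the rule that the first separator ends the host, and the Target type are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed default-port table standing in for nmap-services.
DEFAULT_PORTS = {"ftp": 21, "ssh": 22, "telnet": 23}
SERVICE_BY_PORT = {port: svc for svc, port in DEFAULT_PORTS.items()}
# Host/spec separators floated in the thread: ':' and the alternatives '+', '%', '@'.
HOST_SEPARATORS = ":+%@"
# Characters a POSIX shell rewrites before the program sees them:
# '[' ']' are glob character classes, '<' '>' are redirection operators.
SHELL_SPECIAL = set("[]<>")


@dataclass(frozen=True)
class Target:
    host: str
    service: str
    port: int


def needs_shell_quoting(spec: str) -> bool:
    """True if an unquoted shell would alter this spec (e.g. '[-1024]' or '<ftp:9000>')."""
    return any(ch in SHELL_SPECIAL for ch in spec)


def parse_target(spec: str) -> list[Target]:
    """Parse 'host<sep>item,...' where each item is a port, a service, or service:port.
    Assumption (not settled in the thread): the first separator ends the host, so the
    ':' inside 'telnet:9000' is unambiguous. IPv6 literals are not handled."""
    sep_pos = min((spec.find(c) for c in HOST_SEPARATORS if c in spec), default=-1)
    if sep_pos <= 0:
        raise ValueError(f"no service/port list in {spec!r}")
    host, items = spec[:sep_pos], spec[sep_pos + 1:]
    targets = []
    for item in items.split(","):
        if item.isdigit():                              # bare port, e.g. 21
            port = int(item)
            service = SERVICE_BY_PORT.get(port)
            if service is None:
                raise ValueError(f"port {port} maps to no known service")
        elif ":" in item:                               # explicit pair, e.g. ftp:9000
            service, port_str = item.split(":", 1)
            if service not in DEFAULT_PORTS or not port_str.isdigit():
                raise ValueError(f"bad item {item!r}")
            port = int(port_str)
        elif item in DEFAULT_PORTS:                     # bare service, e.g. ssh
            service, port = item, DEFAULT_PORTS[item]
        else:
            raise ValueError(f"bad item {item!r}")
        if not 1 <= port <= 65535:
            raise ValueError(f"port {port} out of range")
        targets.append(Target(host, service, port))
    return targets
```

Running it on the two command lines from the message gives one Target per item; a host with no list, or a service:port pair with an out-of-range port, is rejected.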

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
