Nmap Development mailing list archives

Re: Sounds like ftp-anon needs work?


From: Rob Nicholls <robert () robnicholls co uk>
Date: Wed, 19 May 2010 17:03:59 +0100

On Wed, 19 May 2010 10:03:57 -0500, Ron <ron () skullsecurity net> wrote:
> There's obviously some logic bug that's cropping up. This is kind of
> ugly. :)

A quick look at the script shows it only checks the first returned line
for a 230 code, but that sounds fairly correct.

I did a quick test of some GNU FTP Mirror servers and found one that the
script consistently fails against, but command line FTP works (even with
the same IEUser@ credentials that Nmap sends).

I suspect the issue is caused by the password being sent immediately after
the username, rather than waiting for the server to respond requesting the
password. By sending the password straightaway the first response that Nmap
sees might be "331 Please specify the password" (or similar), causing the
script to fail to spot the 230 that's returned on the next line.

I've attached a version of ftp-anon.nse (and corresponding patch) that
checks that the server requests a password before sending the password,
which seems to fix the issue against the FTP server I was having trouble
with (now they all consistently and correctly return that it's allowed).
Does this improve things for anyone/everyone else?

Rob

Attachment: ftp-anon.nse
Attachment: ftp-anon-check-password.patch
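
The ordering problem described in the message, as an added Python example that is not part of the original post and is not the attached ftp-anon.nse or patch. `FakeFtpServer` and both check functions are hypothetical names, and all server replies are constructed. It goes slightly beyond the message by also reading multi-line (`220-`) replies and accepting a 230 sent straight after USER.

```python
class FakeFtpServer:
    """Constructed stand-in for a control connection that permits anonymous login."""
    def __init__(self, banner_lines):
        self.queue = list(banner_lines)      # reply lines the client has not read yet

    def send(self, command):
        verb = command.split()[0].upper()
        if verb == "USER":
            self.queue.append("331 Please specify the password.")
        elif verb == "PASS":
            self.queue.append("230 Login successful.")

    def recv_line(self):
        return self.queue.pop(0)


def read_reply(conn):
    """Read one complete reply; 'NNN-' opens a multi-line reply that 'NNN ' closes."""
    line = conn.recv_line()
    code = line[:3]
    if line[3:4] == "-":
        while not line.startswith(code + " "):
            line = conn.recv_line()
    return code


def pipelined_check(conn):
    """Simplified model of the reported behaviour: send USER and PASS back to back,
    then judge only the first login reply line."""
    conn.send("USER anonymous")
    conn.send("PASS IEUser@")
    read_reply(conn)                          # greeting
    return conn.recv_line().startswith("230") # sees the 331, misses the 230 after it


def stepwise_check(conn):
    """Wait for each reply and send PASS only once the server asks for it."""
    if read_reply(conn) != "220":             # greeting refused or unexpected
        return False
    conn.send("USER anonymous")
    code = read_reply(conn)
    if code == "230":                         # logged in without a password
        return True
    if code != "331":                         # server did not request a password
        return False
    conn.send("PASS IEUser@")
    return read_reply(conn) == "230"
```

Against the same permissive server, `pipelined_check` reports a false negative while `stepwise_check` reports that anonymous login is allowed.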
