Nmap Development mailing list archives

Re: Sounds like ftp-anon needs work?


From: Ron <ron () skullsecurity net>
Date: Wed, 19 May 2010 13:37:02 -0500

That patch makes a huge difference. Now, with Nmap:
x.x.x.20
x.x.x.21
x.x.x.22
x.x.x.23
x.x.x.26
x.x.x.27
x.x.x.28
x.x.x.29
x.x.x.30
x.x.x.31
x.x.x.32
x.x.x.33
x.x.x.36
x.x.x.38
x.x.x.42
x.x.x.43
x.x.x.224
x.x.x.225

And with metasploit:
x.x.x.20
x.x.x.21
x.x.x.22
x.x.x.23
x.x.x.26
x.x.x.27
x.x.x.28
x.x.x.29
x.x.x.30
x.x.x.31
x.x.x.32
x.x.x.33
x.x.x.36
x.x.x.38
x.x.x.42
x.x.x.224
x.x.x.225
x.x.x.251


So it looks like it's working great! 

On Wed, 19 May 2010 17:03:59 +0100 Rob Nicholls
<robert () robnicholls co uk> wrote:
> On Wed, 19 May 2010 10:03:57 -0500, Ron <ron () skullsecurity net> wrote:
> > There's obviously some logic bug that's cropping up. This is kind of
> > ugly.
> > :)
> 
> A quick look at the script shows it only checks the first returned
> line for a 230 code, but that sounds fairly correct.
> 
> I did a quick test of some GNU FTP Mirror servers and found one that
> the script consistently fails against, but command line FTP works
> (even with the same IEUser@ credentials that Nmap sends).
> 
> I suspect the issue is caused by the password being sent immediately
> after the username, rather than waiting for the server to respond
> requesting the password. By sending the password straightaway the
> first response that Nmap sees might be "331 Please specify the
> password" (or similar), causing the script to fail to spot the 230
> that's returned on the next line.
> 
> I've attached a version of ftp-anon.nse (and corresponding patch) that
> checks that the server requests a password before sending the
> password, which seems to fix the issue against the FTP server I was
> having trouble with (now they all consistently and correctly return
> that it's allowed). Does this improve things for anyone/everyone else?
> 
> Rob


-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
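Added example, not part of this thread and not Nmap's ftp-anon.nse: a Python model of the two login strategies Rob describes (pipelined USER/PASS with only the first reply line checked, versus waiting for 331 before sending PASS), run against constructed FTP reply transcripts. Assumptions: USER anonymous / PASS IEUser@ as the credential pair, a fake in-memory socket instead of a real connection, and reply parsing that also handles RFC 959 multi-line replies, which the thread does not discuss.

```python
import re

# Constructed FTP server transcripts, not captures from the servers in the thread.
# Each maps a command verb to the reply lines the server sends back for it.
SERVERS = {
    "prompts-for-password": {"USER": ["331 Please specify the password."],
                             "PASS": ["230 Login successful."]},
    "no-password-needed":   {"USER": ["230 Anonymous access granted."],
                             "PASS": ["230 Already logged in."]},
    "multi-line-reply":     {"USER": ["331 Please specify the password."],
                             "PASS": ["230-Welcome, anonymous user.", "230 Login successful."]},
    "rejects-anonymous":    {"USER": ["331 Please specify the password."],
                             "PASS": ["530 Login incorrect."]},
}

class FakeFtp:
    """Stand-in for a socket to an FTP server: queues the reply lines for each command sent."""
    def __init__(self, replies):
        self.replies, self.buffer = replies, []
    def send(self, cmd):
        self.buffer.extend(self.replies[cmd.split()[0]])
    def recv_line(self):
        return self.buffer.pop(0) if self.buffer else None

def read_reply(conn):
    """Consume one complete FTP reply (RFC 959 multi-line form included) and return its code."""
    m = re.match(r"(\d{3})([ -])", conn.recv_line() or "")
    if not m:
        return None
    code = int(m.group(1))
    # A "230-" first line opens a multi-line reply that ends with a "230 " line.
    while m.group(2) == "-":
        line = conn.recv_line()
        if line is None:
            return None
        m = re.match(r"(\d{3})([ -])", line) or m  # intermediate lines need no code prefix

    return code

def anon_login_pipelined(conn):
    """The behaviour Rob diagnoses: PASS sent right after USER, first reply checked for 230."""
    conn.send("USER anonymous")
    conn.send("PASS IEUser@")
    return read_reply(conn) == 230

def anon_login_patched(conn):
    """The fix: send PASS only once the server has asked for it with a 331 reply."""
    conn.send("USER anonymous")
    code = read_reply(conn)
    if code != 331:
        return code == 230  # some servers admit anonymous with no password at all
    conn.send("PASS IEUser@")
    return read_reply(conn) == 230

def compare(servers=SERVERS):
    """Return {server: (pipelined result, patched result)} for each transcript."""
    return {n: (anon_login_pipelined(FakeFtp(r)), anon_login_patched(FakeFtp(r)))
            for n, r in servers.items()}
```

Only the server that logs anonymous in without a password prompt is detected by the pipelined check; the patched logic reports all three permissive transcripts and still rejects the 530 case.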


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
