Nmap Development mailing list archives

Re: Sounds like ftp-anon needs work?


From: Fyodor <fyodor () insecure org>
Date: Sun, 30 May 2010 20:03:59 -0700

On Sun, May 30, 2010 at 08:48:19AM +0200, Gutek wrote:

> I send it right now despite the fact that it does not check for other
> directories but root, so that we can start comments/testing.
> In the meanwhile, I'm thinking about editing the read/write check part:
>
> - Try to LIST and table{} the directories
> - for each Dir in Table{}, check write-ability. Maybe a depth and/or max
> dir question, here? It could take a very long time on a huge ftp

Yeah, I like the idea of a default maximum (which people can change).
A depth check may not be good enough because some FTP trees are very
deep and narrow, while others may have thousands of subdirectories off
the root.  One could specify a count of directories instead, but
perhaps a better approach is to act like our brute force scripts and
specify a maximum amount of time to try.  That way it can do many more
checks on a fast server than a slow one.  You could even call
unpwdb.timelimit() to get the default value.  That function is nice
because it takes into account timing values like -T4 and also allows
the user to override it.  If more non-brute-force scripts start using
it, we might want to move it into a different library than unpwdb.

> Anyway, here are the new Outputs I propose:
> [...]
>
> -- Is writeable, but something occurred when trying to clean our tracks
> -- 21/tcp open  ftp
> -- | ftp-anon: Anonymous FTP login allowed (FTP code 230) (Writeable)
> -- |_/!\ WARNING : we may have left a directory behind us, unable to
> remove it ! (FTP code 500)

I'd take out the "/!\ " as I think "WARNING :" is clear enough.  I'd
also remove the space before the colon.  And it would be great to
print the directory name left behind.  If you start checking
subdirectories, I'd suggest adding an extra line which shows which
directories are writeable rather than just adding "(Writeable)" to the
main line.  For now, putting "Writeable root dir" instead of just
"Writeable" might be more clear.

> Note that in Default Behavior I suggest the args option to the user.
> Nothing to do with the topic, but I've noticed that around me some users
> are not really aware of script arguments, or forget that they exist
> for a given script.

That sounds reasonable.  An alternative to the option is creating a
separate ftp-anon-write script.  The dependencies feature could be
used to avoid logging into the server twice in the case that they are
both specified.  The ftp-anon script would probably list
ftp-anon-write as a dependency since ftp-anon-write would determine
any info that ftp-anon needs to know as a side effect of its
operation.

The current argument approach is fine too--I don't think I have a
strong preference between that vs. a separate script.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
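
The time-limit idea discussed in the message above, as an added example that is not part of the original post and not Nmap code: a Python simulation (not NSE Lua) of a directory walk bounded by a time budget rather than by depth or count. `SimulatedFtp`, `walk_with_time_limit`, the constructed trees and the latencies are all hypothetical; no network traffic is sent, and `time_limit=None` meaning "no limit" is an assumption of this example.

```python
from collections import deque

class SimulatedFtp:
    """Constructed stand-in for an FTP server; nothing touches the network."""
    def __init__(self, tree, writable, latency):
        self.tree = tree            # path -> list of child directory paths
        self.writable = writable    # set of paths that accept writes
        self.latency = latency      # simulated seconds per directory check
        self.now = 0.0              # simulated clock

    def clock(self):
        return self.now

    def probe(self, path):
        """One directory check: list children and report writability."""
        self.now += self.latency
        return self.tree.get(path, []), path in self.writable

def walk_with_time_limit(probe, clock, time_limit):
    """Breadth-first walk from "/" until the time budget is spent.
    Returns (checked, writable, truncated)."""
    start, queue = clock(), deque(["/"])
    checked, writable = [], []
    while queue:
        if time_limit is not None and clock() - start >= time_limit:
            return checked, writable, True   # partial coverage, say so
        path = queue.popleft()
        children, can_write = probe(path)
        checked.append(path)
        if can_write:
            writable.append(path)
        queue.extend(children)
    return checked, writable, False

def wide_tree(n):
    """Constructed tree: n subdirectories directly under the root."""
    return {"/": [f"/dir{i}" for i in range(n)]}

def deep_tree(depth):
    """Constructed tree: one chain `depth` levels deep; returns (tree, deepest)."""
    tree, path = {}, "/"
    for i in range(depth):
        child = path.rstrip("/") + f"/d{i}"
        tree[path] = [child]
        path = child
    return tree, path

def run(tree, writable, latency, time_limit=10):
    server = SimulatedFtp(tree, writable, latency)
    return walk_with_time_limit(server.probe, server.clock, time_limit)
```

The `truncated` flag is what lets the output distinguish "no writeable directory found" from "ran out of time before checking everything".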

