Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: Rob Nicholls <robert () robnicholls co uk>
Date: Tue, 01 Jun 2010 12:14:51 +0100
On Mon, 31 May 2010 13:28:40 -0600, David Fifield <david () bamsoftware com> wrote:
Something I didn't consider before: Do all FTP servers send a banner? If not, the script should begin by sending "USER anonymous", then read a single reply, and if it looks like a banner, discard it and continue processing.
I'm not aware of having seen any that don't return a banner, but I've only been testing up to a couple thousand FTP servers, so it's possible there are some unusual servers out there to be found with an -iR. With Gutek's latest version of the script, I've seen a lot of warnings about unhandled answers for the 530 code. Some of them are simply complaining about "The response 'IEUser () ' is not valid" that I think can easily be solved by sending IEUser@ instead (which is how previous versions of the script sent the password, and matches what IE normally sends). 220 FTP server ready. Anonymous access only. User (xx.xx.xx.xx:(none)): anonymous 331 Guest login ok, send your complete e-mail address as password. Password: 530-The response 'IEUser ()' is not valid 530-Please use your e-mail address as your password 530- for example: joe () xx xx xx xx or joe@ 530-[xx.xx.xx.xx will be added if password ends with @] 530 Login incorrect. Others simply return fairly normal responses like "530 Login incorrect." and just need to be handled. I assume that any servers above the user limit would be treated as if a login had definitely failed: 530- 530- Sorry, there are too many users using the system at this time. 530- There is currently a limit of 10 users. Please try again later. 530- 530 Login incorrect. Or should we try to search for user limit responses and warn that it wasn't possible to determine whether anonymous login was successful? Rob _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- RE: Sounds like ftp-anon needs work?, (continued)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 22)
- Re: Sounds like ftp-anon needs work? Gutek (May 22)
- Re: Sounds like ftp-anon needs work? SM (May 23)
- Re: Sounds like ftp-anon needs work? David Fifield (May 27)
- Re: Sounds like ftp-anon needs work? Ron (May 27)
- Re: Sounds like ftp-anon needs work? Fyodor (May 29)
- Re: Sounds like ftp-anon needs work? Gutek (May 29)
- Re: Sounds like ftp-anon needs work? Richard Miles (May 30)
- Re: Sounds like ftp-anon needs work? Fyodor (May 30)
- Re: Sounds like ftp-anon needs work? David Fifield (May 31)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- Re: Sounds like ftp-anon needs work? Gutek (Jun 01)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 04)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 04)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 23)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)