Nmap Development mailing list archives

Re: Sounds like ftp-anon needs work?


From: Rob Nicholls <robert () robnicholls co uk>
Date: Fri, 04 Jun 2010 10:10:00 +0100

On Tue, 1 Jun 2010 17:29:50 -0600, David Fifield <david () bamsoftware com> wrote:
> No, that's still not what I was thinking. Can you test the attached
> script and see if it works for you?

It seems to work okay. I've attached an updated version that corrects a
typo in one of the FTP error codes and adds a check for 331 after sending
a 332 (as, apparently, you sometimes need to send a PASS after an ACCT).

> My point about removing the loop is that we don't want to treat all
> reply codes exactly the same for all the commands we send. Like if we
> get a 220 in response to USER, we want to quit, not send USER again.

Ah yes, that "common case" of a "220 Service ready for new user"
immediately after a USER command ;)

But you're right, we shouldn't send commands repeatedly, especially as a
badly written or malicious FTP server could otherwise force the script into
an endless loop (until the script/host times out). Your new logic tree
seems to handle it okay, although it no longer displays the unusual FTP
codes as part of the normal output.

Would it be okay to modify the script you commit to provide some
additional output if Nmap's verbosity has been increased (e.g. -vv)? I
wouldn't mind seeing the more unusual codes in the normal output (e.g. 530,
503) if I increased the verbosity. Also, someone emailed me off-list
suggesting we include the FTP server's output (although the existing banner
script should show the initial banner, but they seemed to be after the
responses during the authentication stage).

Rob

Attachment: ftp-anon.nse
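
Added example (not part of the original message and not the attached ftp-anon.nse): a plain-Lua sketch of the bounded login decision tree discussed above, where each command is sent at most once so a server cannot keep the client looping. The `send` callback, the `scripted` fake server, the argument strings and the reply sequences are all constructed for illustration; only 230 is treated as success here.

```lua
-- Next step for each (command, reply code) pair; anything else ends the attempt.
local NEXT = {
  USER = { [230] = "ok", [331] = "PASS", [332] = "ACCT" },
  PASS = { [230] = "ok", [332] = "ACCT" },
  ACCT = { [230] = "ok", [331] = "PASS" },  -- PASS may be required after ACCT
}
-- Sample arguments (constructed values, not taken from the script).
local ARG = { USER = "anonymous", PASS = "guest@example.com", ACCT = "anonymous" }

-- send(line) is a hypothetical callback returning the numeric reply code.
local function anon_login(send)
  local sent, trace = {}, {}
  local cmd = "USER"
  while true do
    if sent[cmd] then
      -- Never repeat a command: this is what bounds the exchange to 3 sends.
      return false, "server asked for " .. cmd .. " again", trace
    end
    sent[cmd] = true
    local code = send(cmd .. " " .. ARG[cmd])
    trace[#trace + 1] = cmd .. " -> " .. tostring(code)
    local nxt = NEXT[cmd][code]
    if nxt == "ok" then return true, "anonymous login allowed", trace end
    if not nxt then return false, "unexpected reply to " .. cmd, trace end
    cmd = nxt
  end
end

-- Fake server that cycles through a reply list forever (constructed input).
local function scripted(codes)
  local i = 0
  return function(_)
    i = i + 1
    return codes[((i - 1) % #codes) + 1]
  end
end

local cases = {
  { 331, 230 },       -- USER, then PASS accepted
  { 332, 331, 230 },  -- USER, ACCT, then PASS accepted
  { 220 },            -- 220 in reply to USER: quit, do not resend USER
  { 332, 331 },       -- server that never stops asking for more
}
for _, codes in ipairs(cases) do
  local ok, why, trace = anon_login(scripted(codes))
  -- The trace is what a higher-verbosity mode could show (e.g. 530, 503).
  print(tostring(ok), why, table.concat(trace, ", "))
end
```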