Nmap Development mailing list archives

Re: [NSE] Detection of ProFTPD backdoor

From: David Fifield <david () bamsoftware com>
Date: Tue, 7 Dec 2010 14:47:16 -0800

On Tue, Dec 07, 2010 at 03:22:49PM +0100, Michael Meyer wrote:

Hello,

*** Mak Kolybabi <mak () kolybabi com> wrote:

I've attached a script to detect the ProFTPD backdoor. I submit it here for
(hopefully) inclusion into Nmap. I have tested it both on a backdoored, and a
non-backdoored version of ProFTPD 1.3.3c. Comments, concerns, criticism, and
testing are appreciated.


Doesn't work for me. See "http://pastebin.com/us4RebQP";.

I played around a little and got the following
working. It is _not_ a finished script, just an example.


Can you briefly explain what your script does differently?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 06)
  - Re: [NSE] Detection of ProFTPD backdoor Kris Katterjohn (Dec 06)
    - Re: [NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 07)
    - Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 07)
  - Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)
    - Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 08)
    - Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 08)
    - Re: [NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 10)
    - Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 11)
    - Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 12)
    - Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 13)
    - Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 29)