Nmap Development mailing list archives
Re: [NSE] Detection of ProFTPD backdoor
From: Mak Kolybabi <mak () kolybabi com>
Date: Fri, 10 Dec 2010 22:15:52 -0600
On 2010-12-08 14:22, Michael Meyer wrote:
> In my first tests nmap and proftpd are on the same machine. Now I'm doing a
> few tests with nmap on another host. When doing this, the script from Mak
> works _sometimes_ (2 of 10) but not always. Most times I got
>
> NSOCK (0.1560s) Read request from IOD #1 [192.168.2.4:21] (timeout:5000ms) EID 42
> NSOCK (5.1560s) Callback: READ TIMEOUT for EID 42 [192.168.2.4:21]
> NSE: Can't read command response: TIMEOUT
>
> when it fails.
>
> NSOCK (0.1120s) Read request from IOD #1 [192.168.2.4:21] (timeout:5000ms) EID 42
> NSOCK (0.1220s) Callback: READ SUCCESS for EID 42 [192.168.2.4:21] (131 bytes)
> NSE: TCP 192.168.2.20:53614 < 192.168.2.4:21 | uid=0(root) gid=0(root) Gruppen=0(root)
>
> on success.
Sorry it has taken me so long to respond, it's been a busy week.

One difference I notice between the modified script you posted a few emails
back and the original is that the modified one has

    socket:set_timeout(10000)

and the original has

    sock:set_timeout(5000)

Since it sounds like the error that you're getting is consistently a timeout,
what is the result of changing *only* that value in the script? Does that make
it work reliably? The five-second timeout I chose was completely arbitrary.

--
Mak Kolybabi <mak () kolybabi com>
()  ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org   | Against proprietary extensions
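Added example, not part of the original message or of the NSE script under discussion: a small Python parser that pairs each NSOCK read request with its callback and reports how long the read waited against the configured timeout. The regular expressions are assumptions derived only from the four NSOCK lines quoted above, and the function names are hypothetical.

```python
import re

# The NSOCK debug lines quoted in the message above (one failed run, one good run).
SAMPLE_LOG = """\
NSOCK (0.1560s) Read request from IOD #1 [192.168.2.4:21] (timeout:5000ms) EID 42
NSOCK (5.1560s) Callback: READ TIMEOUT for EID 42 [192.168.2.4:21]
NSOCK (0.1120s) Read request from IOD #1 [192.168.2.4:21] (timeout:5000ms) EID 42
NSOCK (0.1220s) Callback: READ SUCCESS for EID 42 [192.168.2.4:21] (131 bytes)
"""

# Assumed line formats, inferred from the quoted lines only.
REQUEST = re.compile(
    r"NSOCK \((?P<t>[\d.]+)s\) Read request from IOD #\d+ "
    r"\[(?P<peer>[^\]]+)\] \(timeout:(?P<timeout>\d+)ms\) EID (?P<eid>\d+)")
CALLBACK = re.compile(
    r"NSOCK \((?P<t>[\d.]+)s\) Callback: READ (?P<status>\w+) for EID (?P<eid>\d+)"
    r"(?: \[[^\]]+\])?(?: \((?P<bytes>\d+) bytes\))?")

def read_events(log_text):
    """Pair each read request with its callback (by EID) and measure the wait."""
    pending = {}  # EID -> (request time in s, peer, timeout in ms)
    events = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m:
            pending[m["eid"]] = (float(m["t"]), m["peer"], int(m["timeout"]))
            continue
        m = CALLBACK.search(line)
        if m and m["eid"] in pending:  # EIDs repeat across runs, so pop on match
            start, peer, timeout_ms = pending.pop(m["eid"])
            events.append({
                "peer": peer,
                "status": m["status"],
                "waited_ms": round((float(m["t"]) - start) * 1000),
                "timeout_ms": timeout_ms,
                "bytes": int(m["bytes"]) if m["bytes"] else 0,
            })
    return events

def summarize(events):
    """Count timeouts and report the slowest read that still succeeded."""
    ok = [e["waited_ms"] for e in events if e["status"] == "SUCCESS"]
    return {"reads": len(events),
            "timeouts": sum(e["status"] == "TIMEOUT" for e in events),
            "slowest_success_ms": max(ok, default=None)}

if __name__ == "__main__":
    for event in read_events(SAMPLE_LOG):
        print(event)
    print(summarize(read_events(SAMPLE_LOG)))
```

Run over the debug output of many scan attempts, the `waited_ms` of successful reads next to `timeout_ms` shows whether responses arrive close to the limit before and after the timeout value is changed.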