Nmap Development mailing list archives

Re: Some scripts for analyzing NetBus


From: Toni Ruottu <toni.ruottu () iki fi>
Date: Mon, 13 Dec 2010 23:53:48 +0200

The scripts store a password in nmap.registry.netbuspassword. This won't
work if more than one host with different passwords is scanned at the same
time. You should make this indexed by IP address and port number.

I'll look into this.

If there's no password set on the server, the output of netbus-brute is:
|_netbus-brute:
There should be some message to make clear that it's an empty or blank
password.

It is indeed a blank password. I think trying to log in with "foo"
(when the blank password is set) would cause an error, but I'd need to
check to be sure. Is some other brute script reporting a blank? I
could copy the message format to remain consistent.

Similarly netbus-auth-bypass fails to report if it was able to connect
with a blank password:
       socket:send("Password;1;\r") --password: empty
       if buffer() ~= "Access;1" then
               return
       end
       socket:send("Password;1; \r") --password: space
       if buffer() == "Access;1" then
               return "Vulnerable"
       end
There should be an "else" on that second "if" that says, "Not
vulnerable, but password is blank."

Oh, I thought it would be task of netbus-brute to figure that out.
Maybe it makes sense to detect that here too. :-)

Wow, I tried running NetBus170 on a Fedora VM under WINE, and you're
right. The "Screendump" button even gets a copy of the whole GNOME
desktop.

One of the scripts messed up the server (which you warned about) so that
every button brings up a dialog reading "Sorry, host is password
protected." I think this was netbus-auth-bypass. I moved the script into
the "intrusive" category because of this. Can you explain what
circumstances cause the server to be locked out so it can be documented?

I think any failed authentication attempt will fail sessions for
everyone, but I have to check how this behaves with blank passwords.

  --Toni
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
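The two fixes discussed in this message (a registry keyed by IP and port, and an explicit report when the server accepts an empty password), as an added Lua/NSE sketch that is not code from the NetBus scripts under review. The `nmap` stub, the `192.0.2.x` hosts and the failure reply string `Access;0` are constructed here so the file runs outside Nmap; the real scripts read those replies from the socket.

```lua
-- Added example, not code from the NetBus scripts under review.
-- Outside Nmap the global `nmap` table does not exist, so a stub
-- registry is provided (assumption) to let the file run stand-alone.
nmap = nmap or { registry = {} }

-- Key registry entries by IP and port so two NetBus hosts scanned in
-- the same run with different passwords no longer overwrite each other.
local function registry_key(host, port)
  return host.ip .. ":" .. tostring(port.number)
end

local function store_password(host, port, password)
  nmap.registry.netbus = nmap.registry.netbus or {}
  nmap.registry.netbus[registry_key(host, port)] = password
end

local function stored_password(host, port)
  local t = nmap.registry.netbus
  return t and t[registry_key(host, port)]
end

-- Classify the two replies the auth-bypass check reads: the reply to the
-- empty password and the reply to the single-space password. Returns the
-- script output string, or nil when the server rejected the empty password
-- (the check only tests for inequality to "Access;1", as the script does).
local function classify(empty_reply, space_reply)
  if empty_reply ~= "Access;1" then
    return nil                         -- password set; nothing to report
  elseif space_reply == "Access;1" then
    return "Vulnerable"
  else
    return "Not vulnerable, but password is blank"
  end
end

-- Constructed sample: two hosts on one port, one blank, one protected.
local a = { ip = "192.0.2.10" }
local b = { ip = "192.0.2.11" }
local port = { number = 12345 }
store_password(a, port, "")
store_password(b, port, "s3cret")
assert(stored_password(a, port) == "")       -- entries no longer collide
assert(stored_password(b, port) == "s3cret")

-- "Access;0" stands in for whatever non-"Access;1" reply a rejection gives.
assert(classify("Access;1", "Access;0") == "Not vulnerable, but password is blank")
assert(classify("Access;1", "Access;1") == "Vulnerable")
assert(classify("Access;0", "Access;0") == nil)
```

Run with `lua` to exercise the checks; inside an NSE script the same functions would receive the real `host` and `port` tables from the action method.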
