Nmap Development mailing list archives
backorifice-info
From: Gorjan Petrovski <mogi57 () gmail com>
Date: Tue, 12 Apr 2011 02:55:31 +0200
Hello, Here is the latest version of the backorifice-info script, which gathers basic information about Windows machines running the BackOrifice service. I'd really like to finalize this script and move on to more interesting ones. Is it good enough to be accepted into Nmap Library? How do we handle lines that are too long to be printed into terminal (longer than 80 chars)? I cut long lines at about ~75 chars and added a " ..." at the beginning of the new line so output looks like this now: 31337/udp open|filtered BackOrifice | backorifice-info: | PING REPLY | !PONG!1.20!HAL9000! | SYSTEM INFO | System info for machine 'HAL9000' | Current user: 'Dave' | Processor: I586 | Win32 on Windows 95 v4.10 build 2222 - A | Memory: 63M in use: 30% Page file: 1984M free: 1970M | C:\ - Fixed Sec/Clust: 64 Byts/Sec: 512, Bytes free: 2147155968/21471 | ...155968 | D:\ - CD-ROM | PROCESS LIST | PID - Executable | 4293872589 C:\WINDOWS\SYSTEM\KERNEL32.DLL | 4294937581 C:\WINDOWS\SYSTEM\MSGSRV32.EXE | 4294935933 C:\WINDOWS\SYSTEM\MPREXE.EXE | 4294843869 C:\WINDOWS\SYSTEM\MSTASK.EXE | 4294838549 C:\WINDOWS\SYSTEM\ .EXE | 4294864917 C:\WINDOWS\EXPLORER.EXE | 4294880413 C:\WINDOWS\TASKMON.EXE | 4294878445 C:\WINDOWS\SYSTEM\SYSTRAY.EXE | 4294771309 C:\WINDOWS\WINIPCFG.EXE | 4294772081 C:\WINDOWS\SYSTEM\WINOA386.MOD | NETWORK RESOURCES - NET VIEW | (null) '(null)' - Microsoft Network - UNKNOWN! (Network root?):CONTAINER | (null) 'WORKGROUP' - (null) - DOMAIN:CONTAINER | (null) '\\HAL9000' - - SERVER:CONTAINER | (null) '\\HAL9000\DOCUMENTS' - sample comment 2 - SHARE:DISK | (null) '\\WIN982' - - SERVER:CONTAINER | (null) '\\WIN982\BO' - tee hee hee comment - SHARE:DISK | SHARELIST | 'DOCUMENTS'-C:\WINDOWS\DESKTOP\DOCUMENTS 'sample comment 2' RO:'' RW:' | ...'' Disk PERSISTANT READONLY | 'IPC$'- 'Remote Inter Process Communication' RO:'' RW:'' IPC FULL | REDIRECTED PORTS | 0:port 1001:TCP->192.168.1.105:22 | LISTENING CONSOLE APPLICATIONS | 0:'command.com' on port 23 | PLUGIN LIST |_ End of plugins Is this right? Gorjan
Attachment:
backorifice-info.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- backorifice-info Gorjan Petrovski (Apr 11)
- Re: backorifice-info David Fifield (Apr 18)
- Re: backorifice-info Gorjan Petrovski (Apr 19)
- Re: backorifice-info David Fifield (Apr 20)
- Re: backorifice-info Gorjan Petrovski (Apr 20)
- Message not available
- Message not available
- Re: backorifice-info Gorjan Petrovski (Apr 25)
- Re: backorifice-info Gorjan Petrovski (Apr 19)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: backorifice-info Gorjan Petrovski (Apr 25)
- Re: backorifice-info Patrick Donnelly (Apr 25)
- Re: backorifice-info David Fifield (Apr 18)
- Re: backorifice-info Toni Ruottu (Apr 20)
- Re: backorifice-info Gorjan Petrovski (Apr 20)
- Re: backorifice-info Toni Ruottu (Apr 20)