Nmap Development mailing list archives

backorifice-info


From: Gorjan Petrovski <mogi57 () gmail com>
Date: Tue, 12 Apr 2011 02:55:31 +0200

Hello,

Here is the latest version of the backorifice-info script, which
gathers basic information about Windows machines running the
BackOrifice service. I'd really like to finalize this script and move
on to more interesting ones. Is it good enough to be accepted into the
Nmap library?

How do we handle lines that are too long to be printed to the terminal
(longer than 80 chars)?
I cut long lines at about 75 chars and added a "  ..." at the
beginning of the new line, so the output looks like this now:

31337/udp open|filtered BackOrifice
| backorifice-info:
|   PING REPLY
|     !PONG!1.20!HAL9000!
|   SYSTEM INFO
|     System info for machine 'HAL9000'
|     Current user: 'Dave'
|     Processor: I586
|     Win32 on Windows 95 v4.10 build 2222 -  A
|     Memory: 63M in use: 30%  Page file: 1984M free: 1970M
|     C:\ - Fixed Sec/Clust: 64 Byts/Sec: 512,  Bytes free: 2147155968/21471
|       ...155968
|     D:\ - CD-ROM
|   PROCESS LIST
|       PID  -    Executable
|     4293872589 C:\WINDOWS\SYSTEM\KERNEL32.DLL
|     4294937581 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
|     4294935933 C:\WINDOWS\SYSTEM\MPREXE.EXE
|     4294843869 C:\WINDOWS\SYSTEM\MSTASK.EXE
|     4294838549 C:\WINDOWS\SYSTEM\ .EXE
|     4294864917 C:\WINDOWS\EXPLORER.EXE
|     4294880413 C:\WINDOWS\TASKMON.EXE
|     4294878445 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
|     4294771309 C:\WINDOWS\WINIPCFG.EXE
|     4294772081 C:\WINDOWS\SYSTEM\WINOA386.MOD
|   NETWORK RESOURCES - NET VIEW
|     (null) '(null)' - Microsoft Network - UNKNOWN!  (Network root?):CONTAINER
|     (null) 'WORKGROUP' - (null) - DOMAIN:CONTAINER
|     (null) '\\HAL9000' -  - SERVER:CONTAINER
|     (null) '\\HAL9000\DOCUMENTS' - sample comment 2 - SHARE:DISK
|     (null) '\\WIN982' -  - SERVER:CONTAINER
|     (null) '\\WIN982\BO' - tee hee hee comment - SHARE:DISK
|   SHARELIST
|     'DOCUMENTS'-C:\WINDOWS\DESKTOP\DOCUMENTS 'sample comment 2' RO:'' RW:'
|       ...'' Disk PERSISTANT READONLY
|     'IPC$'-  'Remote Inter Process Communication' RO:'' RW:'' IPC FULL
|   REDIRECTED PORTS
|     0:port 1001:TCP->192.168.1.105:22
|   LISTENING CONSOLE APPLICATIONS
|     0:'command.com' on port 23
|   PLUGIN LIST
|_    End of plugins

Is this right?

Gorjan

Attachment: backorifice-info.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
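The line-wrapping the post describes, as an added Lua example that is not part of the attached backorifice-info.nse or of Nmap's own code: it cuts a script-output line at a fixed width and continues on a new line that keeps the original indent and starts with the "  ..." marker seen in the output above. The width of 75, the function names wrap_line and wrap_output, and the sample input are assumptions and constructed data, not values from the post.

```lua
-- Added example, not code from backorifice-info.nse or from Nmap itself.
-- Wraps long script-output lines the way the post describes: cut at a fixed
-- width, then continue on a new line that keeps the original indent and
-- starts with "  ...". WIDTH is an assumption (the post says "about 75").

local WIDTH = 75
local CONT  = "  ..."

-- wrap_line: split one line into pieces of at most `width` characters.
-- Returns a table of lines; the first keeps the text as-is up to the cut,
-- every later one is indent .. CONT .. the next slice of the remainder.
local function wrap_line(line, width)
  width = width or WIDTH
  if #line <= width then
    return { line }
  end
  local indent = line:match("^(%s*)")
  local out = { line:sub(1, width) }
  local rest = line:sub(width + 1)
  -- room left on a continuation line after the indent and the marker;
  -- never below 1 so an oversized indent cannot make the loop spin forever
  local avail = math.max(1, width - #indent - #CONT)
  while #rest > 0 do
    out[#out + 1] = indent .. CONT .. rest:sub(1, avail)
    rest = rest:sub(avail + 1)
  end
  return out
end

-- wrap_output: apply wrap_line to every line of a multi-line output string,
-- preserving line order. Intended for the string a script hands back as
-- its result before NSE prints it.
local function wrap_output(text, width)
  local out = {}
  for line in (text .. "\n"):gmatch("(.-)\n") do
    for _, piece in ipairs(wrap_line(line, width)) do
      out[#out + 1] = piece
    end
  end
  return table.concat(out, "\n")
end

-- Self-check on constructed input (runs under a plain `lua` interpreter).
local sample = "  " .. string.rep("x", 80)          -- 82 chars, 2-space indent
local pieces = wrap_line(sample, 75)
assert(#pieces == 2)
assert(#pieces[1] == 75)
assert(pieces[2] == "    ..." .. string.rep("x", 7))
assert(wrap_line("short", 75)[1] == "short")
assert(wrap_output("a\n" .. sample, 75) == "a\n" .. table.concat(pieces, "\n"))
print(wrap_output("  SYSTEM INFO\n" .. sample, 75))
```

Wrapping at a byte width is only correct for the single-byte strings BackOrifice returns; if a script ever emits UTF-8, the cut would have to be made on character boundaries instead. The hard cut also means a continuation line can start mid-token, which is exactly what the "...155968" line in the posted output shows.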