Nmap Development mailing list archives
Re: FTP Anon Inquiry (Writeable Directory)
From: Rob Nicholls <robert () robnicholls co uk>
Date: Thu, 14 Apr 2011 17:03:10 +0100
Hi Zack,
My question is, how can I tell that its writeable? Can I add files to thatfolder since it writeable?
The script is very basic in its check, it doesn't confirm that files definitely can be written, it simply checks the returned directory listing for a "w" character to indicate that files can potentially be written inside that directory.
You can see this in the ftp-anon script:
for _, item in ipairs(listing) do
-- Just a quick passive check on user rights.
if string.match(item, "^[d-].......w.") then
item = item .. " [NSE: writeable]"
end
result[#result + 1] = item
end
This means it could potentially be a false positive, but I suspect it's
generally very unlikely to be wrong. If you want to know for sure you'll
need to try and manually create a file within the directory, as the
script currently doesn't appear to be capable of uploading a file to be
100% sure.
Rob _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- FTP Anon Inquiry (Writeable Directory) Zack Dela (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Rob Nicholls (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Gutek (Apr 14)
- <Possible follow-ups>
- Re: FTP Anon Inquiry (Writeable Directory) Vlatko Kosturjak (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Zack Dela (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Rob Nicholls (Apr 14)