Nmap Development mailing list archives
Re: FTP Anon Inquiry (Writeable Directory)
From: Gutek <ange.gutek () gmail com>
Date: Thu, 14 Apr 2011 18:40:41 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 14/04/2011 18:03, Rob Nicholls a écrit :
Hi Zack,My question is, how can I tell that its writeable? Can I add files to that folder since it writeable?The script is very basic in its check, it doesn't confirm that files definitely can be written, it simply checks the returned directory listing for a "w" character to indicate that files can potentially be written inside that directory. You can see this in the ftp-anon script: for _, item in ipairs(listing) do -- Just a quick passive check on user rights. if string.match(item, "^[d-].......w.") then item = item .. " [NSE: writeable]" end result[#result + 1] = item end This means it could potentially be a false positive, but I suspect it's generally very unlikely to be wrong. If you want to know for sure you'll need to try and manually create a file within the directory, as the script currently doesn't appear to be capable of uploading a file to be 100% sure. Rob
Well, in fact, having a real "writeable" check like Metasploit does was my first intention and I've submitted such a ftp-anon script during developpement (http://seclists.org/nmap-dev/2010/q2/590). But as this idea was discussed, it's been considered too agressive or intrusive or risky (I don't know how to express it exactly) (http://seclists.org/nmap-dev/2010/q2/640). A workaround was suggested, maybe writting a script that checks this write ability on its own (http://seclists.org/nmap-dev/2010/q2/650). I'm still open to re-discuss, re-write, improve, new script... Regards, Ange -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk2nI4kACgkQ3aDTTO0ha7gSvwCbByRx9zyrrT7KjpYgOdRfabXf FtMAmwTMdb6GvBpI17dW2OPvFff15jNn =orXn -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- FTP Anon Inquiry (Writeable Directory) Zack Dela (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Rob Nicholls (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Gutek (Apr 14)
- <Possible follow-ups>
- Re: FTP Anon Inquiry (Writeable Directory) Vlatko Kosturjak (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Zack Dela (Apr 14)
- Re: FTP Anon Inquiry (Writeable Directory) Rob Nicholls (Apr 14)