Nmap Development mailing list archives

Re: FTP Anon Inquiry (Writeable Directory)


From: Gutek <ange.gutek () gmail com>
Date: Thu, 14 Apr 2011 18:40:41 +0200

On 14/04/2011 18:03, Rob Nicholls wrote:
> Hi Zack,
>
>> My question is, how can I tell that it's writeable? Can I add files to
>> that folder since it's writeable?
>
> The script is very basic in its check, it doesn't confirm that files
> definitely can be written, it simply checks the returned directory
> listing for a "w" character to indicate that files can potentially be
> written inside that directory.
>
> You can see this in the ftp-anon script:
>
> for _, item in ipairs(listing) do
>   -- Just a quick passive check on user rights.
>   if string.match(item, "^[d-].......w.") then
>     item = item .. " [NSE: writeable]"
>   end
>   result[#result + 1] = item
> end
>
> This means it could potentially be a false positive, but I suspect it's
> generally very unlikely to be wrong. If you want to know for sure you'll
> need to try and manually create a file within the directory, as the
> script currently doesn't appear to be capable of uploading a file to be
> 100% sure.
>
> Rob


Well, in fact, having a real "writeable" check like Metasploit does was
my first intention and I've submitted such a ftp-anon script during
development (http://seclists.org/nmap-dev/2010/q2/590).
But as this idea was discussed, it's been considered too aggressive or
intrusive or risky (I don't know how to express it exactly)
(http://seclists.org/nmap-dev/2010/q2/640).
A workaround was suggested, maybe writing a script that checks this
write ability on its own (http://seclists.org/nmap-dev/2010/q2/650).

I'm still open to re-discuss, re-write, improve, new script...

Regards,

Ange
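
The passive check quoted above, run over constructed listing lines to show which entries it tags and which it cannot judge. This is an added example, not part of the original message or of ftp-anon itself; the `classify` helper, its category names and the `anon_owner` value ("ftp") are assumptions made here for illustration.

```lua
-- Added example, not part of ftp-anon. All listing lines are constructed.
-- Pattern copied from the quoted script: entry type 'd' or '-', seven
-- arbitrary characters, then 'w' in column 9 (the "other" write bit).
local NSE_PATTERN = "^[d-].......w."

-- Hypothetical helper. anon_owner is an assumption supplied by the caller:
-- the account name or uid that anonymous sessions run as on this server.
local function classify(item, anon_owner)
  if item:match(NSE_PATTERN) then
    return "flagged"          -- the line ftp-anon tags "[NSE: writeable]"
  end
  local mode, owner = item:match("^([dlbcps-][rwxsStT-]+)%+?%s+%d+%s+(%S+)")
  if not mode or #mode ~= 10 then
    return "unknown-format"   -- not a UNIX-style line this helper can parse
  end
  if mode:sub(9, 9) == "w" then
    return "skipped-type"     -- other-write set, but entry is not 'd' or '-'
  end
  if owner == anon_owner and mode:sub(3, 3) == "w" then
    return "owner-write"      -- owner bits allow writing, column 9 is '-'
  end
  return "not-flagged"
end

local listing = {  -- constructed sample LIST output
  "drwxrwxrwx    2 root     root         4096 Apr 14  2011 incoming",
  "drwxr-xr-x    2 ftp      ftp          4096 Apr 14  2011 upload",
  "drwxr-xr-x    2 root     root         4096 Apr 14  2011 pub",
  "-rw-r--rw-    1 root     root          220 Apr 14  2011 notes.txt",
  "lrwxrwxrwx    1 root     root            3 Apr 14  2011 latest -> pub",
  "04-14-11  06:40PM       <DIR>          incoming",
}

for _, item in ipairs(listing) do
  print(string.format("%-15s %s", classify(item, "ftp"), item))
end
```

None of these categories confirms that a write would succeed; as Rob notes, that still requires actually creating a file in the directory.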