Re: Ideas for nmap development

[Toni Ruottu <toni.ruottu () iki fi>]

> The problem is that exploits may enable one to do all kinds of things
> to a vulnerable system. It is not clear you want to do all of those
> things. For example some versions of NetBus let you bypass
> authentication. The netbus-auth-bypass script detects this and reports
> it to the user. We also make use of the vulnerability in netbus-info,
> as it is important for the admin to see what kind of information the
> service leaks through. However we do not use auth bypass to perform
> any operations on the vulnerable system.
>
> The reason why we do not perform operations on systems is that nmap
> does not have a way for defining operations. We'd first need a way of
> telling nmap: change password of all discovered systems to "kallisti".
> Then we could write setpwd-scripts to automate the task for different
> protocols. This might not be a bad idea, but the tasks to perform
> should not require interaction. Thus metasploit would still remain the
> way to go for more complex tasks.

I just created a new script called action-passwd-netbus.nse that
attempts to set the password used to authenticate the NetBus server
admin. See the message thread with the same name on this mailing list.
If people write more such scripts you can, in the future, execute all
scripts of a certain exploit type, by giving a wildcard on the command
line. For example you could try to set passwords of all systems by
defining action-passwd-*.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/