Nmap Development mailing list archives
Re: [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 19 Jun 2012 12:48:32 -0500
On 06/18/2012 05:06 PM, Daniel Miller wrote:
> On 04/20/2012 08:00 AM, Patrik Karlsson wrote:
>> On Thu, Apr 5, 2012 at 2:31 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
>>> List,
>>>
>>> I've just finished enhancing the nfs-ls, nfs-statfs, and nfs-showmount scripts so that they can run based on version detection information, for cases where the portmapper is firewalled. For nfs-ls and nfs-statfs, this required making a hostrule to check that both a mountd service and a nfs service were detected. In the process, I ended up adding the AUTH_UNIX flavor to rpc.lua, since the RFC states that AUTH_NULL can only be used for the NULL procedure (and my Linux nfs-kernel-server was enforcing that).
>>>
>>> Other minor changes:
>>> * If running privileged, attempt to bind to a reserved port. Many NFS servers refuse to talk to source ports >1024, as a "security measure"
>>> * handle an odd case in nfs-ls where READDIRPLUS does not return file attributes. Chose to use all ?'s, but in the future maybe a direct GETATTR call?
>>> * remove reference to nfs.dirlist argument from nfs-ls doc, since it is unused
>>>
>>> Hope you like it!
>>> Dan
>>> _______________________________________________
>>> Sent through the nmap-dev mailing list
>>> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>>> Archived at http://seclists.org/nmap-dev/
>>
>> Does anyone have a suitable environment to test Daniel's improvements?
>> I currently don't, but could likely set one up if nobody else has the possibility to test.
>> It would be great to get these changes committed.
>>
>> Cheers,
>> Patrik
>> --
>> Patrik Karlsson
>> http://www.cqure.net
>> http://twitter.com/nevdull77
>
> I haven't heard anything, positive or negative, regarding testing on this patch, though I got lots of publicity when I requested testers on Twitter. I'm attaching an updated patch that applies to the current SVN versions of these scripts and libraries (Some lua-formatting had changed things around). I'd appreciate a second look, since I haven't run into any issues, and people may be falsely thinking their NFS setup is secure since Nmap can't currently get access.
>
> Dan

I've tested this so far with Linux kernel NFS server and Solaris 10 NFS server, with no issues. Scripts tested were rpcinfo, nfs-showmount, nfs-ls, and nfs-statfs.

Dan
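
The AUTH_UNIX flavor discussed in this thread, shown as an added example that is not part of the original messages and is not the code in rpc.lua: it encodes and decodes the credential as laid out in the ONC RPC specification, which makes visible that the uid, gid and machine name are values the client asserts about itself. It assumes Lua 5.3+ (for string.pack); the function names and all sample values are hypothetical and constructed for illustration.

```lua
-- Added example, not code from rpc.lua. Requires Lua 5.3+ (string.pack).
local AUTH_NULL, AUTH_UNIX = 0, 1

-- XDR opaque/string: 4-byte big-endian length, data, zero padding to 4 bytes.
local function pad(n) return (4 - n % 4) % 4 end
local function xdr_opaque(s)
  return string.pack(">I4", #s) .. s .. string.rep("\0", pad(#s))
end

-- Encode an AUTH_UNIX credential: flavor, then an opaque body holding
-- stamp, machine name, uid, gid and up to 16 supplementary gids.
local function encode_auth_unix(stamp, machine, uid, gid, gids)
  assert(#machine <= 255 and #gids <= 16, "field exceeds protocol limit")
  local body = string.pack(">I4", stamp) .. xdr_opaque(machine)
    .. string.pack(">I4I4I4", uid, gid, #gids)
  for _, g in ipairs(gids) do body = body .. string.pack(">I4", g) end
  return string.pack(">I4", AUTH_UNIX) .. xdr_opaque(body)
end

-- Decode the credential starting at byte `pos` of an RPC call message.
-- Returns a table, or nil plus an error string for malformed input.
local function decode_cred(buf, pos)
  local ok, res = pcall(function()
    local flavor, len, p = string.unpack(">I4I4", buf, pos)
    if len > 400 then error("credential body longer than 400 bytes") end
    local cred = { flavor = flavor, gids = {} }
    if flavor ~= AUTH_UNIX then return cred end
    local nlen, ngids
    cred.stamp, nlen, p = string.unpack(">I4I4", buf, p)
    if nlen > 255 then error("machine name longer than 255 bytes") end
    cred.machine = buf:sub(p, p + nlen - 1)
    cred.uid, cred.gid, ngids, p = string.unpack(">I4I4I4", buf, p + nlen + pad(nlen))
    if ngids > 16 then error("more than 16 supplementary gids") end
    for i = 1, ngids do cred.gids[i], p = string.unpack(">I4", buf, p) end
    return cred
  end)
  if ok then return res end
  return nil, res
end

-- Constructed sample: header of an NFSv3 (program 100003) call, procedure 1.
local call = string.pack(">I4I4I4I4I4I4", 0x1234, 0, 2, 100003, 3, 1)
  .. encode_auth_unix(0, "scanner", 1000, 1000, { 1000, 27 })
  .. string.pack(">I4I4", AUTH_NULL, 0)          -- verifier: AUTH_NULL, empty
local cred = assert(decode_cred(call, 25))        -- credential follows 6 words
assert(cred.flavor == AUTH_UNIX and cred.machine == "scanner")
assert(cred.uid == 1000 and #cred.gids == 2 and cred.gids[2] == 27)
print(cred.machine, cred.uid, cred.gid, table.concat(cred.gids, ","))
assert(decode_cred(call:sub(1, 40), 25) == nil)   -- truncated input rejected
```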
Current thread:
- [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper Daniel Miller (Apr 05)
- Re: [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper Patrik Karlsson (Apr 20)
- Re: [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper Daniel Miller (Jun 18)
- Re: [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper Daniel Miller (Jun 19)
- Re: [NSE][patch] Add AUTH_UNIX to rpc.lua, let nfs-* run without portmapper David Fifield (Jun 19)