Nmap Development mailing list archives

Re: [NSE] New script: qnx-qconn.nse

From: Henri Doreau <henri.doreau () gmail com>
Date: Sun, 7 Oct 2012 15:01:25 +0200

2012/10/7 Brendan Coles <bcoles () gmail com>:

Hi nmap-dev,

Attached is qnx-qconn.nse which attempts to identify whether a listening
QNX QCONN daemon is vulnerable to command execution.

It has been tested on:
* QNX Neutrino 6.5.0
* QNX Neutrino 6.5.0 SP1

Example output:

PORT     STATE SERVICE VERSION
8000/tcp open  qconn   syn-ack qconn remote IDE support
| qnx-qconn:
|   Version: QNX localhost 6.5.0 2012/06/20-13:50:50EDT x86pc x86
|
|   Vulnerable to command execution vulnerability:
|_  http://metasploit.org/modules/exploit/unix/misc/qnx_qconn_exec

Feedback and suggestions are welcomed.


--
Brendan Coles
http://itsecuritysolutions.org/

Hello,

thanks for the script. I have a couple suggestions beside Patrik's ones:
  - Adding the 'vuln' category
  - Using to the vulns library for reporting
  - Use stdnse.parse_timespec() when parsing timeout specification
from --script-args.

Also, unless I miss something, the tonumber() statements have no
effect. I don't think this function modifies its argument in-place.

Regards

-- 
Henri

Attachment: qnx-qconn.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] New script: qnx-qconn.nse Brendan Coles (Oct 07)
- Re: [NSE] New script: qnx-qconn.nse Patrik Karlsson (Oct 07)
- Re: [NSE] New script: qnx-qconn.nse Henri Doreau (Oct 07)
  - Re: [NSE] New script: qnx-qconn.nse Brendan Coles (Oct 07)
  - Re: [NSE] New script: qnx-qconn.nse Paulino Calderon (Oct 07)