Nmap Development mailing list archives

Re: OpenTibia service probes


From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Wed, 18 Sep 2013 01:21:50 +0200

I attach the first version of opentibia-info.nse. Here's some example output:

Starting Nmap 6.40 ( http://nmap.org ) at 2013-09-18 01:11 CEST
Nmap scan report for thunderot.servegame.com (198.27.78.2)
Host is up (0.11s latency).
PORT     STATE SERVICE   VERSION
7171/tcp open  OpenTibia 8.7x
| opentibia-info:
|   map:
|     name: World.otbm
|     height: 33330
|     author: Thunder OT
|     width: 33455
|   owner:
|     name: Thunder OT
|     email: contato () thunderot com br
|   players:
|     peak: 468
|     max: 700
|     online: 83
|   serverinfo:
|     uptime: 10h:4m
|     servername: Thunder OT
|     version: 0.4_SVN
|     server: Advanced Forgotten Server
|     location: Brazil
|     ip: 198.27.78.2
|     url: http://www.thunderot.com.br
|     port: 7171
|     client: 8.71
|   npcs:
|     total: 650
|   monsters:
|_    total: 52219

Service detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.06 seconds

Actually, turns out that perhaps the "server info" probe might be more
useful at detecting OpenTibia than the unencrypted login request I
originally came up with. Please note the serverinfo[server] field and
serverinfo[version] - they're telling the exact OpenTibia build that
is hosted here. No idea how it works today, but a few years ago there
was a plague of closed-source (original OpenTibia is GPL'd) builds,
often quite unstable, so an intruder might be interested in this
information looking for buffer overflows and such.

This script is probably insecure in its current form. I could have
made changes to it after having published this post, so please have a
look here for a later version: https://gist.github.com/d33tah/6602030

Attachment: opentibia-info.nse

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
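
To check which build-identifying fields a server you run exposes, the script output shown in the post can be parsed into a nested structure and the serverinfo[server] and serverinfo[version] fields pulled out. This is an added example, not part of the original post or of opentibia-info.nse; the function names are hypothetical and the sample is trimmed from the output quoted above.

```python
import re

# Constructed sample: a trimmed copy of the script output quoted in the post.
SAMPLE = """\
7171/tcp open  OpenTibia 8.7x
| opentibia-info:
|   players:
|     max: 700
|     online: 83
|   serverinfo:
|     version: 0.4_SVN
|     server: Advanced Forgotten Server
|     url: http://www.thunderot.com.br
|   npcs:
|_    total: 650
"""

# The two fields the post singles out as giving away the exact build.
BUILD_FIELDS = [("serverinfo", "server"), ("serverinfo", "version")]
# "| key: value" or "|_ key: value"; indentation after the marker encodes nesting.
LINE = re.compile(r"^\|[ _](\s*)([^:]+):\s?(.*)$")

def parse_nse_block(text, script="opentibia-info"):
    """Turn one script's indented 'key: value' lines into nested dicts."""
    root, stack, inside = {}, [], False
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            if inside:
                break          # left the script block
            continue
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        if indent == 0:        # header line of a script block
            inside = key == script
            continue
        if not inside:
            continue
        while stack and stack[-1][0] >= indent:
            stack.pop()        # climb back to this line's parent section
        parent = stack[-1][1] if stack else root
        if value:
            parent[key] = value
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
        if raw.startswith("|_"):
            break              # "|_" marks the last line of the block
    return root

def disclosed_build(info):
    """Return the build-identifying fields present in the parsed output."""
    return {f"{a}.{b}": info[a][b] for a, b in BUILD_FIELDS
            if isinstance(info.get(a), dict) and b in info[a]}

if __name__ == "__main__":
    print(disclosed_build(parse_nse_block(SAMPLE)))
```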
