Nmap Development mailing list archives

Claudiu's status report #11 of 13


From: Claudiu Perta <claudiu.perta () gmail com>
Date: Mon, 4 Aug 2014 23:14:59 +0100

Hi devs,

This is my GSOC status report.

* Updated ipmi scripts
       * Addressed all pending issues and added support for RAKP1/
         RAKP2 messages in ipmi.lua

* Implemented ipmi-user-brute.nse script
       * Tested on OpenIPMI v2.0.21
       * Spent a lot of time debugging an error with usernames longer than
          5 characters. I checked the IPMI protocol specification and found
          that the RAKP1 message in the Metasploit script has the wrong
          format, and changing it accordingly seems to work fine (I'll
          contact the author of the script to double-check this)

* Implemented deluge-rpc-brute.nse script
        * Tested on Ubuntu, with deluged v1.3.6

* ssl-ccs-injection.nse tests
        * Still a few OpenSSL versions to be checked; so far, the only
          issue I found is when the socket timeout is reached (10s). In
          this case, the check is not performed and there is no indication
          of that in the output, resulting in a false positive.

Cheers,
Claudiu
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

