Nmap Development mailing list archives

Re: Gyani's Status Report - #9 of 17


From: Gyanendra Mishra <anomaly.the () gmail com>
Date: Mon, 29 Jun 2015 20:29:18 +0530

Hi,

I have really bad connectivity here, had none for the last 24 hours, but I
finally found connectivity to post a follow-up. I hope I still have
connectivity by the time I hit send. This is a follow-up to what I sent
earlier.

Amendments:
 * Solved #150: relaxed the check for success. Earlier it was 200 and 204;
now anything that is 20* is accepted. Also added xmloutput to the script.
 * Solved #115 - The script doesn't calculate scores and warnings
wherever ssl is required. Also, you won't see the error logs if you run with -d
and don't have ssl.
 * Solved #38 - This script checks for a vulnerability in a WordPress plugin
called 'CM download manager' which allows remote code execution; it was
posted earlier this year by mzet. A random string was hardcoded and the
check for the vulnerability didn't support would lead to a lot of false
positives. Corrected that.

Accomplishments:
 * Wrote a first draft for auto auth. It requires user-supplied args
http.username and http.password and allows NTLM, Digest and Basic. I would
suggest that you guys don't change your http.lua :P as this one is probably
very buggy. Couldn't test much because of no connectivity.[1] I didn't write
over my http.lua as it had working and tested support for NTLM and I didn't
want this version to mess it up. I guess I should make another folder in
nmap-exp/gyani called "probably buggy" :P.
 * Added parsing for the SMB response for Linux versions. My system is
Ubuntu 14.04 and it returns Unix (Samba 4.1.6-Ubuntu). Some more version
strings provided by you guys would be awesome to test.[2]

Gyani
[1]https://svn.nmap.org/nmap-exp/gyani/nselib/http-autoauth.lua
[2]https://svn.nmap.org/nmap-exp/gyani/nselib/osinfo.lua



On Sat, Jun 27, 2015 at 9:57 PM, Gyanendra Mishra <anomaly.the () gmail com>
wrote:

Hi,

I am not sure about my internet connectivity for the next few days as I
will be out of town, so I am posting my status report a bit early. I'll
post a follow up if I can. Apart from work, I have already submitted my
midterm review just to be safe.

Accomplishments
 * Solved #150 and committed it in rev 34725.
 * Solved #115[1] and #38[2].
 * Wrote a `tracer bullet` for http-fetch, a script to fetch interesting
files from servers.[3]
 * Added structured lookup, cpe parsing in case lookup fails and support
for more version strings to osinfo.lua
 * Fixed a few bugs in a few of my other scripts.

Priorities
 * Look into remaining PRs
 * Extend http.lua to support auto authentication.
 * Extend http.fetch to more features and include more interesting files
in the default table.

Gyani

[1]https://svn.nmap.org/nmap-exp/gyani/scripts/ssl-enum-ciphers.nse
[2]https://svn.nmap.org/nmap-exp/gyani/scripts/http-vuln-cve2014-8877.nse
[3]https://svn.nmap.org/nmap-exp/gyani/scripts/http-fetch.nse

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
