Re: Jiayi's Status Report - #17 of 17

[Paulino Calderon <paulino () calderonpale com>]

Hey,

I've been using the vulscan script these past weeks and  there are a couple
of additional checks that I added to my working copy but I think it is
ready for inclusion after updating the installation instructions.

I'll keep working with jiayi to include everything that is stable this
week.

Cheers.
El 14/9/2015 15:28, "Fyodor" <fyodor () nmap org> escribió:

> On Sun, Aug 23, 2015 at 6:03 PM, Jiayi Ye <yejiayily () gmail com> wrote:
> > It was great to take part in GSoC. It was a fun summer.
>
> Thanks Jiayi.  We all enjoyed working with you too!
>
>
> >  Here are what I accomplished and what I will do next.
>
> This is a great summary and helps us in trying to make sure that as much
> as possible can be integrated into the Nmap trunk where it can benefit
> millions of Nmap users.  Regarding that:
>
>
> >  *  Tor-consensus-check (NEW): This script works by using
>
> I think this one is already all integrated!
>
> *
> > smtp-vuln-cve2015-0235 (NEW): This script checks for and/or exploits a heap-based buffer overflow in the GNU C 
> > Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems (CVE-2015-0235) that run the Exim mail server. 
> > I finished the detection part to report vuln CVE 2015-0235 in Exim mail server, besides, I wrote the part of 
> > information leak, but I failed to perform successful exploitation in my vulnerability environment.
>
> How about removing the (not fully working) exploitation part and then
> checking in just the version of the script which does the vuln check?  And
> then you could integrate the rest if and when it's working?
>
> *
> > vulscan (UPDATE): This script attempts to discover vulnerabilities by matching information from the version 
> > detection engine with databases such as CVE, ExploitDB and Scipvuldb. I updated the script in the following aspects.
>
> I haven't looked at this one real closely yet.
>
>  *
> > http-vuln-cve2015-1635 (UPDATE): This script checks for a remote code execution vulnerability (MS15-034) in 
> > Microsoft Windows systems (CVE2015-2015-1635). And I updated http-vuln-cve2015-1635 to perform reliable information 
> > disclosure by trying different byte ranges.
>
> Great.  If you and Paulino agree that this is ready to check in, please do
> so.
>
>
> >  *  smb-check-vulns.nse (UPDATE): I split the script into six scripts (
> > https://github.com/nmap/nmap/issues/171) and ported these
> >
> >  vulnerability scripts to the vulns library. Besides, I set vulnerability environment for each of them and tested 
> > the splitted scripts in different vuln environment.
>
> Nice!  Dan was telling me how valuable he thought this sort of
> reorganization would be.  I think he's going to take a look at it and
> provide feedback.
>
>
> > NSELIB:
> >
> >
> > * I spent a amount of time on implementing functionality related to SMB2 protocol. At first I wrote a sperated lib 
> > named smb2.lua. Then I combined smb2.lua with current smb.lua.
>
> This may actually turn out to be the most valuable of all your
> contributions this summer.  Neither Dan nor I have very much SMB2
> expertise, but Dan said he'd at least take a look soon.  It's of course
> encouraging that you've tested it on both Windows and Samba SMB servers.
>
> This is a lot of good stuff and I just want to make sure that as much as
> possible can make that final but crucial Nmap integration step.
>
> Cheers,
> Fyodor
>
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/