Nmap Development mailing list archives
Re: LUA Script Ideas
From: Fyodor <fyodor () insecure org>
Date: Mon, 31 Jul 2006 16:39:49 -0700
On Mon, Jul 31, 2006 at 01:18:56PM +0200, Eddie Bell wrote:
It was stripped out from the message by mailing list managerHere it is again
Thanks, this is a good script idea! I think we should probably use a more subtle anon password than "@nmap-scan". It may be best to use whatever browsers like FireFox or IE use. I think that is wwwuser@, but I'm not certain. Also, did you test this against very many FTP servers? The script contains: socket:connect(host.ip, port.number, port.protocol) socket:send("anonymous"); socket:send("@nmap-scan"); I would expect that you would need at least a newline (probably "\r\n" after the username and password, and that some FTP servers would require you to wait for a username response before asking for the password. I think here you are just sending a username of "anonymous@nmap-scan", and the server may be waiting for more data (continuation of the username string). The 220 you get back (or don't) may just be the FTP server banner. Or maybe I'm wrong. But would you test this a little more against a servers allowing anon ftp (such as ftp.kernel.org, ftp.microsoft.com, ftp.sun.com) and some that don't (ftp.playboy.com)? I agree that a solid anonymous FTP testing script is worth having. Thanks, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Martin Mačok (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Jul 31)
- Re: LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Eddie Bell (Aug 01)
- Re: LUA Script Ideas Fyodor (Aug 02)
- Re: LUA Script Ideas Fyodor (Jul 31)
- Re: LUA Script Ideas Richard Moore (Jul 31)
- Re: LUA Script Ideas Jon Passki (Jul 31)