Nmap Development mailing list archives
Re: NSE / nsock library questions
From: "Eddie Bell" <ejlbell () gmail com>
Date: Thu, 22 May 2008 22:06:18 +0100
I remember this coming up before,
http://seclists.org/nmap-dev/2007/q2/0319.html

As doug points out, it is possible but will play havoc with the
parallelization

- eddie

2008/5/22 Thomas Buchanan <TBuchanan () thecompassgrp net>:
> I'll pose the questions first, and then provide a little background in
> case it helps.
>
> 1. Does NSE or nsock allow you to create and open a socket for (inbound)
>    listening, rather than for (outbound) connections?
>
> 2. Does NSE allow you to specify the originating port or port range that
>    you would like to use for sockets? More specifically, can I tell it
>    that the outbound connection needs to originate from a "privileged"
>    port (<1023)?
>
> Here's the background: I'm looking into creating an NSE script to extract
> information from hosts running the rshd (remote shell) service. If I
> understand the protocol correctly, the client system opens a connection
> to the rshd service (must be from a privileged port) and sends a null
> terminated ASCII string. This string is interpreted by the server as a
> port number on the client system, which the server will attempt a
> connection to (this is why I need to create a listening port). This port
> must also be a privileged port. The client then sends the user and
> command information over the first established connection, while the
> server sends responses back over the second established connection.
>
> I can't see any way to accomplish this using the current set of
> NSE/nsock functionality, and I'm afraid I'm not too keen to dig into raw
> sockets / pcap unless I absolutely have to.
>
> Are there any other situations where it might be of value to be able to
> create listening sockets? Given the recent discussion about Nessus, and
> the expressed interest in building Nmap's profile in the vulnerability
> scanning field, I wonder if this functionality might be helpful to
> others as well.
>
> Thanks,
>
> Thomas
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
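The client's opening bytes in the rsh exchange described in the quoted message, decoded from a captured primary connection; this is an added example, not part of the thread and not Nmap or NSE code. The field order after the port string (local user, remote user, command) is an assumption taken from the rshd(8) documentation rather than from the post, and the function name, class name and sample bytes are constructed for illustration.

```python
"""Decode the bytes an rsh client sends first on the primary connection."""
from dataclasses import dataclass

PRIVILEGED_MAX = 1023  # ports below 1024 need root to bind on Unix


@dataclass
class RshPreamble:
    stderr_port: int   # port the server connects back to (0 = no callback)
    local_user: str    # assumed field order, per rshd(8)
    remote_user: str
    command: str
    warnings: list     # protocol expectations the capture does not meet


def parse_rsh_preamble(data: bytes, src_port: int) -> RshPreamble:
    """Split the opening bytes into their four null-terminated fields."""
    fields = data.split(b"\x00")
    # Four terminated fields leave a fifth element: anything after them.
    if len(fields) < 5:
        raise ValueError("truncated preamble: need 4 null-terminated fields")
    port_txt, local_user, remote_user, command = fields[:4]
    if port_txt and not port_txt.isdigit():
        raise ValueError("callback port is not an ASCII decimal string")
    stderr_port = int(port_txt) if port_txt else 0
    if stderr_port > 65535:
        raise ValueError("callback port out of range")
    warnings = []
    if src_port > PRIVILEGED_MAX:
        warnings.append("client source port %d is not privileged" % src_port)
    if stderr_port > PRIVILEGED_MAX:
        warnings.append("callback port %d is not privileged" % stderr_port)
    return RshPreamble(stderr_port,
                       local_user.decode("ascii", "replace"),
                       remote_user.decode("ascii", "replace"),
                       command.decode("ascii", "replace"),
                       warnings)


# Constructed sample: callback port 1022, both users "alice", command "id".
SAMPLE = b"1022\x00alice\x00alice\x00id\x00"

if __name__ == "__main__":
    print(parse_rsh_preamble(SAMPLE, src_port=1023))
```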
Current thread:
- NSE / nsock library questions Thomas Buchanan (May 22)
- Re: NSE / nsock library questions Eddie Bell (May 22)
- RE: NSE / nsock library questions Thomas Buchanan (May 22)
- Re: NSE / nsock library questions majek04 (May 22)
- Re: NSE / nsock library questions doug (May 22)
- Re: NSE / nsock library questions Eddie Bell (May 22)