Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sounds like ftp-anon needs work?

From: David Fifield <david () bamsoftware com>
Date: Mon, 31 May 2010 13:28:40 -0600
On Sun, May 30, 2010 at 08:48:19AM +0200, Gutek wrote:

Please find attached a new version according to the comments
- Buffer-reading function
- R/W ability is now an option, enabled with --script-args rw=test
- R/W : if unable to RMD our crap, at least warn the user


Is there a way you can rewrite this without the "while status do" loop?
Our algorithm for checking for anonymous login doesn't involve a loop,
so there shouldn't be a loop in the script. The only place a loop should
be needed is in receiving a multi-line reply in read_reply.

Something I didn't consider before: Do all FTP servers send a banner? If
not, the script should begin by sending "USER anonymous", then read a
single reply, and if it looks like a banner, discard it and continue
processing.

Please factor out the R/W testing into a separate function. This will
become more important if we start adding directory traversal.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: