Nmap Development mailing list archives
Re: Sounds like ftp-anon needs work?
From: Gutek <ange.gutek () gmail com>
Date: Tue, 01 Jun 2010 18:55:14 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm a bit lost between my working copy and those that were already proposed to the list, but i'm nearly sure that the line socket:send("PASS IEUser@\r\n") has never changed since the beginning (i.e: since the original ftp-anon script, in fact !)... that said, about the unhandeled 530: I only work with -iR for the very reason Rob mentionned about the banners, facing both usual ftp configurations and also weird, unusual ones. A few hours after posting my last copy of the script I've noticed,too, that it warns about unhandeled 530 too many times for very common reasons that, indeed, did not worth to mention like "530 Login incorrect.". My first bet was to simply exclude the 530-code from the return "unhandeled bla bla bla" but, yep... I forgot the case where the server has reached the max users allowed. And I agree : this particular case *does* matter, the script should deal with it and suggest the nmap-user to try again later. I'm afraid it will be hard (or: I don't know how) to detect this max-users-limit-reached, as the 530 code is a very generic failure and the message attached can be in any language (i.e: we can't string.match on it) I've got another problem, on another topic: fetching the LIST of directories. I may be wrong but we have two ways to do it : PORT (where *we* say to the target "send me your list on this port of mine") or PASV (where we ask *the target* "open a port of yours where I can grab the list") - - what (do you think) would be the best way ? PORT or PASV ? - - in case of PORT, what would be the best way to know *our* IP, so that we can socket:send("PORT my,ip,address,and,this,port") - - in case of PASV...well, anyway I'm also interrested in knowing how to achieve the previous question :) Let me summarize : I've got no proposals today, only problems...(sig) :( A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkwFO3IACgkQ3aDTTO0ha7hd8wCcDAfxOhtYq4F8kSZ0EkKO7c7V 6U8An1d92+USXwqrYh0zm3I3eRBIfIPR =k6sh -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Sounds like ftp-anon needs work?, (continued)
- Re: Sounds like ftp-anon needs work? Gutek (May 22)
- Re: Sounds like ftp-anon needs work? SM (May 23)
- Re: Sounds like ftp-anon needs work? David Fifield (May 27)
- Re: Sounds like ftp-anon needs work? Ron (May 27)
- Re: Sounds like ftp-anon needs work? Fyodor (May 29)
- Re: Sounds like ftp-anon needs work? Gutek (May 29)
- Re: Sounds like ftp-anon needs work? Richard Miles (May 30)
- Re: Sounds like ftp-anon needs work? Fyodor (May 30)
- Re: Sounds like ftp-anon needs work? David Fifield (May 31)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- Re: Sounds like ftp-anon needs work? Gutek (Jun 01)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 01)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 04)
- Re: Sounds like ftp-anon needs work? David Fifield (Jun 04)
- Re: Sounds like ftp-anon needs work? Rob Nicholls (Jun 01)
- RE: Sounds like ftp-anon needs work? Rob Nicholls (May 23)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)
- Re: Sounds like ftp-anon needs work? Gutek (May 24)