Nmap Development mailing list archives
Re: [NSE] Detection of ProFTPD backdoor
From: Michael Meyer <michael.meyer () greenbone net>
Date: Sat, 11 Dec 2010 09:50:04 +0100
*** Mak Kolybabi <mak () kolybabi com> wrote:
On 2010-12-08 14:22, Michael Meyer wrote:
NSE: Can't read command response: TIMEOUTSince it sounds like the error that you're getting is consistently a timeout, what is the result of changing *only* that value in the script?
I have to wait longer if script doesn't work. ;)
The five-second timeout I chose was completely arbitrary.
It seems that for whatever reason sometimes "HELP ACIDBITCHEZ" is not "accepted" by the proftpd. However i've noticed that your script always works for me with the following patch. --------------------------------------------------- --- /tmp/2/nmap/scripts/ftp-proftpd-backdoor.nse 2010-12-08 14:09:07.000000000 +0100 +++ /usr/local/share/nmap/scripts/ftp-proftpd-backdoor.nse 2010-12-11 09:53:12.000000000 +0100 @@ -82,6 +82,9 @@ return end + sock:send("help foo\r\n") + sock:receive_lines(1) + -- Send command to escalate privilege. status, err = sock:send(CMD_FTP .. "\r\n") if not status then --------------------------------------------------- Micha _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor Kris Katterjohn (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor Kris Katterjohn (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 08)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 08)
- Re: [NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 10)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 11)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 12)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 13)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 29)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)