Nmap Development mailing list archives

Re: [NSE] Detection of ProFTPD backdoor


From: Michael Meyer <michael.meyer () greenbone net>
Date: Sat, 11 Dec 2010 09:50:04 +0100

*** Mak Kolybabi <mak () kolybabi com> wrote:
On 2010-12-08 14:22, Michael Meyer wrote:

NSE: Can't read command response: TIMEOUT

Since it sounds like the error that you're getting is consistently a timeout,
what is the result of changing *only* that value in the script? 

I have to wait longer if the script doesn't work. ;)

The five-second timeout I chose was completely arbitrary.

It seems that for whatever reason sometimes "HELP ACIDBITCHEZ" is not
"accepted" by the proftpd. However, I've noticed that your script
always works for me with the following patch.

---------------------------------------------------

--- /tmp/2/nmap/scripts/ftp-proftpd-backdoor.nse        2010-12-08 14:09:07.000000000 +0100
+++ /usr/local/share/nmap/scripts/ftp-proftpd-backdoor.nse      2010-12-11 09:53:12.000000000 +0100
@@ -82,6 +82,9 @@
                return
        end

+       sock:send("help foo\r\n")
+       sock:receive_lines(1)
+
        -- Send command to escalate privilege.
        status, err = sock:send(CMD_FTP .. "\r\n")
        if not status then
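
Review bot: The two added calls, `sock:send("help foo\r\n")` and `sock:receive_lines(1)`, discard their return values, while the `sock:send(CMD_FTP .. "\r\n")` directly below captures `status, err` and tests `if not status then`. Check the status of both new calls the same way and return on failure, so that a failed or timed-out priming exchange is reported rather than carried into the backdoor check. A short comment above the new lines explaining why a throwaway `help foo` is sent first would also help, since the existing `-- Send command to escalate privilege.` comment does not cover it.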

---------------------------------------------------

Micha