Nmap Development mailing list archives
Re: [NSE] Detection of ProFTPD backdoor
From: David Fifield <david () bamsoftware com>
Date: Sun, 12 Dec 2010 15:29:11 -0800
On Sat, Dec 11, 2010 at 09:50:04AM +0100, Michael Meyer wrote:
*** Mak Kolybabi <mak () kolybabi com> wrote:On 2010-12-08 14:22, Michael Meyer wrote:NSE: Can't read command response: TIMEOUTSince it sounds like the error that you're getting is consistently a timeout, what is the result of changing *only* that value in the script?I have to wait longer if script doesn't work. ;)The five-second timeout I chose was completely arbitrary.It seems that for whatever reason sometimes "HELP ACIDBITCHEZ" is not "accepted" by the proftpd. However i've noticed that your script always works for me with the following patch. --------------------------------------------------- --- /tmp/2/nmap/scripts/ftp-proftpd-backdoor.nse 2010-12-08 14:09:07.000000000 +0100 +++ /usr/local/share/nmap/scripts/ftp-proftpd-backdoor.nse 2010-12-11 09:53:12.000000000 +0100 @@ -82,6 +82,9 @@ return end + sock:send("help foo\r\n") + sock:receive_lines(1) +
Does it also work without the sock:send line? It might be that the server is a little slow to respond and receive_lines(1) is not getting all the data before sending the escalation string. What about using the read_reply function from ftp-anon.nse, does that work? David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Detection of ProFTPD backdoor, (continued)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor Kris Katterjohn (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor Kris Katterjohn (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 06)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 08)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 08)
- Re: [NSE] Detection of ProFTPD backdoor Mak Kolybabi (Dec 10)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 11)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 12)
- Re: [NSE] Detection of ProFTPD backdoor Michael Meyer (Dec 13)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 29)
- Re: [NSE] Detection of ProFTPD backdoor David Fifield (Dec 07)