Nmap Development mailing list archives
Djalal's Status Report - #13 of 17
From: Djalal Harouni <tixxdz () opendz org>
Date: Tue, 26 Jul 2011 02:39:15 +0100
Hi, Accomplishments: * Updated my script idea list and other parts of the script ideas page. * Committed Chris Woodbury patches for the print_hex() function [1]. * Contacted metasploit developers MC and bannedit to get more information about the Zend Java bridge remote code execution vulnerability [2] and their modules, and I got a quick response from MC, thanks man :) (the metasploit developers hare very helpful). It seems that the problem is in my side: I did not install/configure the Zend Server correctly. (aah it's really hard to follow the Windows software installation process :) ). * Have done a lot of research about the vulnerability library, and have written a draft proposal for it. Finally I've also started the implementation, and I'll push more code soon. * I've reviewed the Microsoft Print Spooler Impersonation vulnerability details (CVE-2010-2729) and prepared a vulnerable Windows for it. * Had a meeting with Henri. Priorities: * Re-test the Zend Java bridge metasploit modules, confirm the vulnerability and finish the zend-vuln-osvdb-71420.nse script. * Finish the the vulnerability library vulns.lua * Work on the Microsoft Print Spooler Service Impersonation vulnerability (CVE-2010-2729). * Discuss with my mentor and others the idea of a vulnerability detection script that will use a db like OSVDB or a web service like: exploitsearch.net * Continue work on my list of scripts. [1] http://seclists.org/nmap-dev/2011/q3/315 [2] http://osvdb.org/71420 -- tixxdz http://opendz.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Djalal's Status Report - #13 of 17 Djalal Harouni (Jul 25)
- Colin Rice Status Report - #13 of 17 Colin Rice (Jul 25)