Nmap Development mailing list archives
New VA Modules: NSE: 4, MSF: 1
From: New VA Module Alert Service <postmaster () insecure org>
Date: Sun, 19 Feb 2012 11:24:01 -0800 (PST)
This report describes any new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus since yesterday. == Nmap Scripting Engine scripts (4) == r28092 dns-client-subnet-scan http://nmap.org/nsedoc/scripts/dns-client-subnet-scan.html Performs a domain lookup using the edns-client-subnet [1] option that adds support for adding subnet information to the query in regards to where the query is originating from. The script uses this option to supply a number of geographically distributed locations in an attempt to enumerate as many different address records as possible. The script also supports requests using a given subnet. r28094 http-vuln-cve2010-2861 http://nmap.org/nsedoc/scripts/http-vuln-cve2010-2861.html This script will execute a directory traversal attack against a ColdFusion server and try to grab the password hash for the administrator user. It will then use the salt value (hidden in the web page) to create the SHA1 HMAC hash that the web server needs for authentication as admin. You can pass this value to the ColdFusion server as the admin without cracking the password hash. r28096 ndmp-fs-info http://nmap.org/nsedoc/scripts/ndmp-fs-info.html Lists remote file systems by querying the remote device using the Network Data Management Protocol (ndmp). NDMP is a protocol intended to transport data between a NAS device and the backup device, removing the need for the data to pass through the backup server. The following products are known to support the protocol: * Amanda * Bacula * CA Arcserve * CommVault Simpana * EMC Networker * Hitachi Data Systems * IBM Tivoli * Quest Software Netvault Backup * Symantec Netbackup * Symantec Backup Exec r28096 ndmp-version http://nmap.org/nsedoc/scripts/ndmp-version.html Retrieves version information from the remote Network Data Management Protocol (ndmp) service. NDMP is a protocol intended to transport data between a NAS device and the backup device, removing the need for the data to pass through the backup server. The following products are known to support the protocol: * Amanda * Bacula * CA Arcserve * CommVault Simpana * EMC Networker * Hitachi Data Systems * IBM Tivoli * Quest Software Netvault Backup * Symantec Netbackup * Symantec Backup Exec == Metasploit modules (1) == r14755 http://metasploit.com/redmine/projects/framework/repository/entry/modules/auxiliary/scanner/http/http_traversal.rb Generic HTTP Directory Traversal Utility _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New VA Modules: NSE: 4, MSF: 1 New VA Module Alert Service (Feb 19)