Nmap Development mailing list archives
Re: GSoC 2012 Project - Vulnerability and exploitation specialist
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Sat, 24 Mar 2012 00:08:43 +0200
Thanks for showing interest in nmap. Some improvement suggestions follow.

Use the vulns library for reporting the vulnerability (see http://nmap.org/nsedoc/lib/vulns.html ).

We wouldn't typically return anything for systems that are not vulnerable because we want to avoid flooding the user with information. Using the vulns library should solve this problem as well iirc.

The script has some magic numbers in it. Try describing what they contain. You could use comments, or split the long numbers into fields based on the protocol's format.

On Fri, Mar 23, 2012 at 11:36 PM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:
> Hi,
>
> I am Aleksandar Nikolic, a final year Computer Science student at Faculty Of Technical Sciences, University of Novi Sad. I have certain experience in vulnerability and exploit research, and would like to apply for a position of a Script developer - Vulnerability and exploitation specialist in the following Google Summer Of Code.
>
> Since student applications haven't started yet I won't talk a lot about myself now, but guidelines from Google suggest to try to contact the community and possibly discuss the project.
>
> In an attempt to prepare for the application and to get familiar with nmap's scripting engine I wrote a script to test for recent Windows RDP vulnerability. Everybody is talking about the vulnerability and until today I was unaware of a way to check if a machine is vulnerable or not without causing the BSoD. My script is based on work by sleepya. His tests are crafted in a way that would avoid triggering the BSoD. Please see the attached code for details.
>
> Of course, this script would need to be thoroughly tested, but my tests have shown that it works, at least on Windows XP. Also, I've just started playing with NSE and wanted to share this with you since it is a hot topic currently. Please let me know if I should make some improvements. I hope that you will find it useful.
>
> On topic, do you have any suggestions for me regarding the application for this position?
>
> Thank you,
> Aleksandar Nikolic
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
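The two suggestions in the reply above, sketched as an added NSE skeleton; it is not the script attached to this thread and not Nmap project code. The title and description are placeholders, the request is the standard RDP connection request (TPKT plus X.224), and `string.pack` assumes an Nmap build with Lua 5.3 or later.

```lua
local nmap = require "nmap"
local shortport = require "shortport"
local vulns = require "vulns"

description = [[Skeleton: request built from named fields, result reported via vulns.]]
categories = {"vuln", "safe"}
portrule = shortport.port_or_service(3389, "ms-wbt-server")

-- Opaque form a reviewer cannot check: "\x03\x00\x00\x0b\x06\xe0\x00\x00\x00\x00\x00"
-- The same 11 bytes, built from named TPKT (RFC 1006) and X.224 fields:
local function connection_request()
  local x224 = string.pack(">B B I2 I2 B",
    6,     -- length indicator: number of bytes that follow it
    0xE0,  -- TPDU code: Connection Request
    0,     -- destination reference
    0,     -- source reference
    0)     -- class 0, no options
  local tpkt = string.pack(">B B I2",
    3,          -- TPKT version
    0,          -- reserved
    4 + #x224)  -- total length, 4-byte TPKT header included
  return tpkt .. x224
end

action = function(host, port)
  local report = vulns.Report:new(SCRIPT_NAME, host, port)
  local vuln = {
    title = "PLACEHOLDER title",
    description = [[PLACEHOLDER description of the flaw.]],
    state = vulns.STATE.NOT_VULN,
  }
  local sock = nmap.new_socket()
  sock:set_timeout(5000)
  if not sock:connect(host, port) then return nil end
  sock:send(connection_request())
  local ok, reply = sock:receive_bytes(11)
  sock:close()
  if not ok then return nil end
  -- Parse the reply by field as well, instead of comparing raw byte strings.
  local version, _, _, _, code = string.unpack(">B B I2 B B", reply)
  if version ~= 3 or code ~= 0xD0 then return nil end  -- not a Connection Confirm
  -- The vulnerability-specific test from the thread's attachment is not on this
  -- page; a real script sets vuln.state = vulns.STATE.VULN where that test passes.
  -- NOT_VULN entries are only printed when the vulns.showall script-arg is set.
  return report:make_output(vuln)
end
```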