Nmap Development mailing list archives

Re: [NSE] New script: qnx-qconn.nse


From: Patrik Karlsson <patrik () cqure net>
Date: Sun, 7 Oct 2012 14:47:53 +0200

On Sun, Oct 7, 2012 at 2:32 PM, Brendan Coles <bcoles () gmail com> wrote:

Hi nmap-dev,

Attached is qnx-qconn.nse which attempts to identify whether a listening
QNX QCONN daemon is vulnerable to command execution.

It has been tested on:
* QNX Neutrino 6.5.0
* QNX Neutrino 6.5.0 SP1

Example output:

PORT     STATE SERVICE VERSION
8000/tcp open  qconn   syn-ack qconn remote IDE support
| qnx-qconn:
|   Version: QNX localhost 6.5.0 2012/06/20-13:50:50EDT x86pc x86
|
|   Vulnerable to command execution vulnerability:
|_  http://metasploit.org/modules/exploit/unix/misc/qnx_qconn_exec

Feedback and suggestions are welcomed.


--
Brendan Coles
http://itsecuritysolutions.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Hi Brendan,

Nice work. Unfortunately I don't have anything to test against, but I do
have some comments.
Please move the require statements to the top and assign them to local
variables.
You should probably use stdnse.get_script_args instead of referencing the
registry directly.

Cheers,
Patrik

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
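
The two conventions requested in the reply above, shown in a minimal NSE script skeleton. This is an added example, not the qnx-qconn.nse attached to the thread; the "timeout" script argument, its default, the passive banner read and the metadata values are assumptions made for illustration.

```lua
-- Added illustration; not the script attached to the thread.
-- Convention 1: require each library once, at the top, bound to a local.
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Skeleton showing NSE library and script-argument conventions.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Port 8000 and the service name "qconn" come from the example output above.
portrule = shortport.port_or_service(8000, "qconn", "tcp")

action = function(host, port)
  -- Convention 2: do not index nmap.registry.args directly; ask stdnse,
  -- which returns nil when the argument was not given on the command line.
  -- The argument name is <script name>.timeout (hypothetical argument).
  local arg = stdnse.get_script_args(SCRIPT_NAME .. ".timeout")
  local timeout = tonumber(arg) or 5000 -- milliseconds; assumed default

  local socket = nmap.new_socket()
  socket:set_timeout(timeout)
  local ok, err = socket:connect(host, port)
  if not ok then
    stdnse.debug1("connect failed: %s", err)
    return nil
  end

  -- Passive read only: report whatever the service sends first.
  local status, data = socket:receive()
  socket:close()
  if not status then
    stdnse.debug1("receive failed: %s", data)
    return nil
  end
  -- Parentheses drop gsub's second return value (the substitution count).
  return ("Banner: %s"):format((data:gsub("%s+$", "")))
end
```

With the file saved as example.nse, the argument is passed as --script-args example.timeout=3000.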