Nmap Development mailing list archives

Re: [GSoC 2015] Proposal


From: Egon Stefán <donhekus () gmail com>
Date: Sun, 15 Mar 2015 22:38:33 +0100

Hi,

I started to write a script for Seagate Business NAS Unauthenticated Remote
Command Execution [1], but I haven't got any idea how I can test it. Should I
emulate a test environment or something like this?

Thanks for help,
Egon


[1] http://www.exploit-db.com/exploits/36264/

2015-03-14 14:56 GMT+01:00 Daniel Miller <bonsaiviking () gmail com>:

Egon,

Thanks for your interest! We already have a couple scripts for this kind
of thing. First, there is http-devframework [1], which runs a web spider
over a site looking for signs of particular web frameworks like Django,
ASP.NET, Joomla, etc. Then, we have http-enum [2], which uses a different
set of fingerprints to define particular requests and response checks to
identify various devices, web software, and common URI paths, etc.

I think your idea sounds like it would fit best as a few more fingerprints
in http-devframework. This would be a nice small project to get comfortable
with NSE and Lua syntax. If you're looking for something more advanced, you
could work on an existing bug we have open for our http-slowloris script
[3]. Or you could sift through exploit-db.com or the full-disclosure
mailing list looking for interesting things to turn into exploit scripts.
Here's one example: Seagate Business NAS Unauthenticated Remote Command
Execution [4]

Dan

[1] http://nmap.org/nsedoc/scripts/http-devframework.html
[2] http://nmap.org/nsedoc/scripts/http-enum.html
[3] http://issues.nmap.org/63
[4] http://www.exploit-db.com/exploits/36264/

On Sat, Mar 14, 2015 at 5:43 AM, Egon Stefán <donhekus () gmail com> wrote:

Hi everyone!

I want to write a script which tries to find out what popular WCMS system
is used on web servers (e107, SMF, etc).
This isn't the best proposal for the position that I want (Vulnerability
and exploitation specialist), but I think this is a good start for NSE
and Lua.
I want to scan typical folders and files which identify the WCMS system.
Is this idea good, or should I think about another idea?

Thanks for help,
Egon

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


