Nmap Development mailing list archives

Jiayi's Status Report - #10 of 17


From: Jiayi Ye <yejiayily () gmail com>
Date: Tue, 7 Jul 2015 10:33:22 +0800

Hi,

Accomplishments:
* Vuln script license. Got licenses of scip vulndb and exploit-db. The
licenses of CVE, scip vulndb and exploit-db are as follows.
CVE: The MITRE Corporation (MITRE) hereby grants you a non-exclusive,
royalty-free license to use Common Vulnerabilities and Exposures (CVE®) for
research, development, and commercial purposes. Any copy you make for such
purposes is authorized provided that you reproduce MITRE’s copyright
designation and this license in any such copy.
scip vulndb: "You might use the export provided at
http://www.scip.ch/vuldb/scipvuldb.csv. The list is updated hourly and
therefore always up-to-date. Please include a solid attribution to the
original source."
exploit-db: "The Exploit Database data that are available on our GitHub
page at the URL below can be freely distributed provided it is for
non-commercial reasons. There is no formal license in place for the data
but it can be considered to be in line with the GPL v3."

* Updated smb2.lua. Fixed the previous bug related to SMB2_COM_SESSION_SETUP.
Added commands SMB2_COM_TREE_CONNECT, SMB2_COM_TREE_DISCONNECT and
SMB2_COM_LOGOFF. [1]
* Set up a new vuln environment on VMware ESX related to CVE-2015-1635.
We found a Metasploit script that implements information disclosure, and
as it mentions "if the target is running in VMware Workstation, this
module has a high likelihood of resulting in BSOD; however, VMware ESX and
non-virtualized hosts seem stable", I need VMware ESX hosts for testing.

Priorities:
* Have a meeting with my mentor.
* Update http-vuln-cve2015-1635.nse and vulscan.nse
* Update smb2.lua.

[1] https://svn.nmap.org/nmap-exp/jiayi/nselib/smb2.lua

Thanks,
Jiayi Ye
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
