Nmap Development mailing list archives

Detection of CORBA (GIOP protocol)


From: "qhardyfr () gmail com" <qhardyfr () gmail com>
Date: Wed, 16 Dec 2015 16:21:01 +0100

I have a *CORBA GIOP* (General Inter-ORB Protocol) listener running on the
port 9876 of a server.
Nmap, with the options -A -sV --version-all, does not detect this service (GIOP
protocol):

PORT STATE SERVICE
9876/tcp open *unknown*

There is a "service probe" for GIOP in version 7 of nmap (line 1310 of
nmap-service-probes), but it *doesn't detect* this service -:(

The following "service probe" detects this service type:

Probe TCP giop
q|GIOP\x01\x00\x01\x00$\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00abcdef\x00\x00\x04\x00\x00\x00get\x00\x00\x00\x00\x00|
match giop m|^GIOP| p/CORBA naming service/

Information about the packet:
GIOP Header:
- Magic: GIOP
- Version: 1.0 (\x01\x00)
- Msg type: Request (\x00)
- Msg size: 36 ($\x00\x00\x00, i.e. \x24\x00\x00\x00)
Request Data:
- ServiceContextList (\x00\x00\x00\x00)
- Request Id: 1 (\x01\x00\x00\x00)
- Response expected: 1 (\x01)
- Object key Length: 6 (\x06\x00\x00\x00)
- Object Key: 616263646566
- Operation length : 4 (\x04\x00\x00\x00)
- Req Operation: get (i.e. \x67\x65\x74\x00)
- Requesting Principal Length: 0 (\x00\x00\x00\x00)

When you use this "service probe", the server will respond with a "System
Exception".

Could this "service probe" be put in a future version of
nmap-service-probes?

--
Quentin HARDY
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
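As an added example (not part of the post above and not Nmap code), the following Python builds and decodes the GIOP 1.0 Request layout the probe uses: it reproduces the probe bytes from the field list, decodes them back into those fields, checks that the header's message size matches the body, and also handles big-endian messages via the header flags byte. The probe bytes are transcribed from the post; the function names are mine.

```python
import struct

# Probe bytes transcribed from the post above (12-byte header, then 36-byte CDR body).
GIOP_PROBE = (b"GIOP\x01\x00\x01\x00$\x00\x00\x00"
              b"\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00"
              b"\x06\x00\x00\x00abcdef\x00\x00"
              b"\x04\x00\x00\x00get\x00\x00\x00\x00\x00")

def _pad4(buf):
    """CDR aligns each 4-byte primitive to a 4-byte offset from the body start."""
    buf += b"\x00" * (-len(buf) % 4)

def build_giop_request(request_id, object_key, operation, little_endian=True):
    """Build a GIOP 1.0 Request; header byte 6 (flags) = 1 means little-endian CDR."""
    e = "<" if little_endian else ">"
    body = bytearray(struct.pack(e + "II", 0, request_id))  # empty ServiceContextList, request_id
    body += b"\x01\x00\x00\x00"                              # response_expected=1 + 3 pad bytes
    body += struct.pack(e + "I", len(object_key)) + object_key
    _pad4(body)
    op = operation.encode() + b"\x00"                        # CORBA string length counts the NUL
    body += struct.pack(e + "I", len(op)) + op
    _pad4(body)
    body += struct.pack(e + "I", 0)                          # requesting_principal: empty
    header = b"GIOP" + bytes([1, 0, int(little_endian), 0]) + struct.pack(e + "I", len(body))
    return bytes(header + body)

def parse_giop_request(msg):
    """Decode a GIOP 1.0 Request into its fields; ValueError on bad magic or size."""
    if len(msg) < 12 or msg[:4] != b"GIOP":
        raise ValueError("not a GIOP message")
    major, minor, flags, msg_type = msg[4:8]
    e = "<" if flags & 1 else ">"
    (size,) = struct.unpack(e + "I", msg[8:12])
    body, off = msg[12:], 0
    if size != len(body):
        raise ValueError(f"message_size {size} != body length {len(body)}")

    def u32():
        nonlocal off
        off = (off + 3) & ~3                                 # align before each ulong
        (v,) = struct.unpack_from(e + "I", body, off)
        off += 4
        return v

    f = {"version": (major, minor), "little_endian": bool(flags & 1),
         "msg_type": msg_type, "msg_size": size}
    f["service_contexts"], f["request_id"] = u32(), u32()
    f["response_expected"] = body[off]; off += 1
    klen = u32(); f["object_key"] = body[off:off + klen]; off += klen
    olen = u32(); f["operation"] = body[off:off + olen].rstrip(b"\x00").decode(); off += olen
    f["principal_len"] = u32()
    return f
```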
