PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Remove minecraft-auth for now -- see http://seclists.org/nmap-dev/2011/q1/85

Browse Source
This commit is contained in:
fyodor
2011-01-12 07:51:30 +00:00
parent cdbd5e6c7b
commit 05f7c6ae07
2 changed files with 0 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
scripts/minecraft-auth.nse
View File

@@ -1,63 +0,0 @@
description = [[
Detects Minecraft offline/insecure authentication.
Logging into a Minecraft multiplayer server requires online
authentication at minecraft.net. Some Minecraft servers
however are configured to run in an insecure mode making
it possible to play multiplayer games in the absence of Internet
connectivity. A server running in the insecure mode skips the
authentication letting anyone log in with any username.
A determined individual can use modified client software to log
into such insecure servers with a username registered to another
player.
http://notch.tumblr.com/post/942787216/minecraft-alpha-1-0-16-minecraft-server-0-1-1-and-a
]]
---
-- @output
-- 25565/tcp open minecraft
-- |_minecraft-auth: vulnerable to username spoofing
author = "Toni Ruottu"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "default", "safe"}
require("bin")
require("nmap")
require("shortport")
portrule = shortport.port_or_service (25565, "minecraft", {"tcp"})
action = function( host, port )
local HANDSHAKE_REQUEST = 2
local HANDSHAKE_RESPONSE = 2
local socket = nmap.new_socket()
local status, _ = socket:connect(host.ip, port.number)
if not status then
return
end
--login name for the handshake
--(we never actually try logging into the server)
local login = "minecraft"
socket:send(bin.pack("C>P", HANDSHAKE_REQUEST, login))
status, data = socket:receive_bytes(4)
socket:close()
if not status then
return
end
local _, packet_id, connection_hash = bin.unpack("C>P", data)
if packet_id ~= HANDSHAKE_RESPONSE then
return
end
if connection_hash ~= "-" then
return
end
return "vulnerable to username spoofing"
end

1
scripts/script.db
View File

@@ -80,7 +80,6 @@ Entry { filename = "ldap-brute.nse", categories = { "auth", "intrusive", } }
Entry { filename = "ldap-rootdse.nse", categories = { "discovery", "safe", } }
Entry { filename = "ldap-search.nse", categories = { "discovery", "safe", } }
Entry { filename = "lexmark-config.nse", categories = { "discovery", "safe", } }
Entry { filename = "minecraft-auth.nse", categories = { "auth", "default", "safe", } }
Entry { filename = "modbus-discover.nse", categories = { "discovery", "intrusive", } }
Entry { filename = "mongodb-databases.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "mongodb-info.nse", categories = { "default", "discovery", "safe", } }