PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-27 01:49:03 +00:00
Code Issues Projects Releases Wiki Activity

Bounce scan: detect no-password-needed logon

Browse Source
This commit is contained in:
dmiller
2016-07-29 15:50:47 +00:00
parent bb9d03269c
commit 204962648c
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
nmap_ftp.cc
View File

@@ -221,6 +221,14 @@ int ftp_anon_connect(struct ftpinfo *ftp) {
if (recvbuf[0] == '5')
fatal("Your FTP bounce server doesn't like the username \"%s\"", ftp->user);
if (!strncmp(recvbuf, "230", 3)) {
// 230 User logged in
// No need to send PASS
if (o.verbose)
log_write(LOG_STDOUT, "Login credentials accepted by FTP server!\n");
ftp->sd = sd;
return sd;
}
Snprintf(command, 511, "PASS %s\r\n", ftp->pass);
send(sd, command, strlen(command), 0);