PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity

Be more strict about NetBus protocol. Fixes false positives

Browse Source 
Had a report via service fingerprint correction of netbus-version
reporting an unrelated service as NetBuster. This would happen for any
service on port 12345 that responds with a banner containing less than 2
carriage returns, or which closes the connection after the first NetBus
protocol message. Now, all netbus-* scripts require the banner to begin
with "NetBus" before they will continue.
This commit is contained in:
dmiller
2015-02-18 02:57:29 +00:00
parent a4dc1b8ff6
commit 9db8dfda1d
4 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/netbus-auth-bypass.nse
View File

@@ -37,7 +37,11 @@ action = function( host, port )
return
end
local buffer, _ = stdnse.make_buffer(socket, "\r")
buffer() --discard banner
_ = buffer()
if not (_ and _:match("^NetBus")) then
stdnse.debug1("Not NetBus")
return nil
end
-- The first argument of Password is the super-login bit.
-- On vulnerable servers any password will do as long as

4
scripts/netbus-brute.nse
View File

@@ -35,6 +35,10 @@ action = function( host, port )
end
local buffer, err = stdnse.make_buffer(socket, "\r")
local _ = buffer() --skip the banner
if not (_ and _:match("^NetBus")) then
stdnse.debug1("Not NetBus")
return nil
end
for password in passwords do
local foo = string.format("Password;0;%s\r", password)
socket:send(foo)

4
scripts/netbus-info.nse
View File

@@ -164,6 +164,10 @@ action = function( host, port )
local status, err = socket:connect(host.ip, port.number)
local buffer, err = stdnse.make_buffer(socket, "\r")
local _ = buffer()
if not (_ and _:match("^NetBus")) then
stdnse.debug1("Not NetBus")
return nil
end
socket:send(string.format("Password;1;%s\r", password))
local gotin = buffer()
if gotin == "Access;0" then

6
scripts/netbus-version.nse
View File

@@ -30,7 +30,11 @@ action = function( host, port )
return
end
local buffer, _ = stdnse.make_buffer(socket, "\r")
buffer() --discard banner
_ = buffer()
if not (_ and _:match("^NetBus")) then
stdnse.debug1("Not NetBus")
return nil
end
socket:send("Password;0;\r")
--NetBus answers to auth