Apply a patch from Toni Ruottu with some small misc. improvements to the netbus-* scripts. Also I changed netbus-auth-bypass to the safe category as recommended by Toni

2025-12-06 12:41:29 +00:00 · 2011-01-15 21:28:45 +00:00
parent aef6f90991
commit b27c8e29d7
4 changed files with 32 additions and 12 deletions
--- a/scripts/netbus-auth-bypass.nse
+++ b/scripts/netbus-auth-bypass.nse
@@ -10,13 +10,16 @@ and login to the service by typing Password;1; into the console.
 ]]
 ---
 -- @usage
 -- nmap -p 12345 --script netbus-auth-bypass <target>
 --
 -- @output
 -- 12345/tcp open  netbus
 -- |_netbus-auth-bypass: Vulnerable
 author = "Toni Ruottu"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"auth", "intrusive", "vuln"}
+categories = {"auth", "safe", "vuln"}
 require("nmap")
 require("stdnse")
@@ -50,6 +53,6 @@ action = function( host, port )
 	if buffer() == "Access;1" then
 		return "Vulnerable"
 	end
-	return
+	return "Not vulnerable, but password is empty"
 end
--- a/scripts/netbus-brute.nse
+++ b/scripts/netbus-brute.nse
@@ -3,6 +3,9 @@ Performs brute force password auditing about the Netbus backdoor ("remote admini
 ]]
 ---
 -- @usage
 -- nmap -p 12345 --script netbus-brute <target>
 --
 -- @output
 -- 12345/tcp open  netbus
 -- |_netbus-brute: password123
@@ -36,13 +39,18 @@ action = function( host, port )
 		local login = buffer()
 		if login == "Access;1" then
 			-- Store the password for other netbus scripts
-			nmap.registry.netbuspassword=password
+			local key = string.format("%s:%d", host.ip, port.number)
-
+			if not nmap.registry.netbuspasswords then
 				nmap.registry.netbuspasswords = {}
 			end
 			nmap.registry.netbuspasswords[key] = password
 			if password == "" then
 				return "<empty>"
 			end
 			return string.format("%s", password)
 		end
 	end
 	socket:close()
 end
--- a/scripts/netbus-info.nse
+++ b/scripts/netbus-info.nse
@@ -18,6 +18,9 @@ and an smtp-server used for notification delivery.
 ]]
 ---
 -- @usage
 -- nmap -p 12345 --script netbus-info <target> --script-args netbus-info.password=<password>
 --
 -- @output
 -- 12345/tcp open  netbus
 -- | netbus-info:   
@@ -41,6 +44,8 @@ and an smtp-server used for notification delivery.
 -- |     Wave: 0
 -- |     Synth: 0
 -- |_    Cd: 0
 --
 -- @args netbus-info.password The password used for authentication
 author = "Toni Ruottu"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -123,12 +128,14 @@ local function format_volume(volume)
 end
 action = function( host, port )
-
+	local password = nmap.registry.args[SCRIPT_NAME .. ".password"]
-	local password = nmap.registry.netbuspassword
+	if not password and nmap.registry.netbuspasswords then
-	if password == nil then
+		local key = string.format("%s:%d", host.ip, port.number)
-		password = ""		 
+		password = nmap.registry.netbuspasswords[key]
 	end
 	if not password then
 		password = ""
 	end
 	local socket = nmap.new_socket()
 	socket:set_timeout(5000)
 	local status, err = socket:connect(host.ip, port.number)
@@ -153,7 +160,6 @@ action = function( host, port )
 	socket:close()
 	local response = {}
 	table.insert(response, "")
 	table.insert(response, format_acl(acl))
 	table.insert(response, format_apps(apps))
 	table.insert(response, format_info(info))
--- a/scripts/netbus-version.nse
+++ b/scripts/netbus-version.nse
@@ -4,6 +4,9 @@ that mimes NetBus.
 ]]
 ---
 -- @usage
 -- nmap -sV -p 12345 --script netbus-version <target>
 --
 -- @output
 -- 12345/tcp open  netbus  Netbuster (honeypot)
@@ -15,7 +18,7 @@ require("nmap")
 require("stdnse")
 require("shortport")
-portrule = shortport.version_port_or_service (12345, "netbus", {"tcp"})
+portrule = shortport.version_port_or_service ({}, "netbus", {"tcp"})
 action = function( host, port )