From b7b29b01455bd3c21f53a8205a3019ada11d523c Mon Sep 17 00:00:00 2001 From: dmiller Date: Thu, 25 Jan 2018 16:12:49 +0000 Subject: [PATCH] Telnet softmatches. Closes #1083 --- CHANGELOG | 4 ++++ nmap-service-probes | 16 +++++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index b6829caf1..6158d10bf 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ #Nmap Changelog ($Id$); -*-text-*- +o [NSE][GH#1083] New set of Telnet softmatches for version detection based on + Telnet DO/DON'T options offered, covering a wide variety of devices and + operating systems. [D Roberson] + o [NSE][GH#1090] Fix false positives in rexec-brute by checking responses for indications of login failure. [Daniel Miller] diff --git a/nmap-service-probes b/nmap-service-probes index 8fdf583f6..cc9675a02 100644 --- a/nmap-service-probes +++ b/nmap-service-probes @@ -5151,7 +5151,21 @@ match quasar m|^ \0\0\0.{32}$|s p/QuasarRAT remote administration tool/ o/Window match landesk-rc m=^(?!HTTP|RTSP|SIP).{264}$=s p/LANDesk remote management/ cpe:/a:landesk:landesk_management_suite/ # Specific vendor telnet options that should be matched more accurately by prompt, etc. -softmatch telnet m|^\xff\xfb\x01\xff\xfb\x01\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f| p/Huawei telnetd/ +# Source: https://github.com/nmap/nmap/pull/1083 +softmatch telnet m|^\xff\xfb\x01(?!\xff)| p|APC PDU/UPS devices or Windows CE telnetd| +softmatch telnet m|^\xff\xfb\x01\xff\xfd\x03\xff\xfb\x03\xff\xfd\x1f(?!\xff)| p/Aruba telnetd/ +softmatch telnet m|^\xff\xfd\x03(?!\xff)| p/Cisco telnetd/ +softmatch telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f(?!\xff)| p/Cisco IOS telnetd/ +softmatch telnet m|^\xff\xfd\x1f(?!\xff)| p/Cowrie Honeypot telnetd/ +softmatch telnet m|^\xff\xfd\x03\xff\xfb\x03\xff\xfb\x01(?!\xff)| p/Enterasys telnetd/ +softmatch telnet m|^\xff\xfb\x01\xff\xfb\x03(?!\xff)| p/HP LaserJet telnetd/ d/printer/ +softmatch telnet m|^\xff\xfb\x03\xff\xfb\x01(?!\xff)| p/HP Integrated Lights Out telnetd/ d/remote management/ +softmatch telnet m|^\xff\xfc\x01(?!\xff)| p/HP JetDirect telnetd/ d/printer/ +softmatch telnet m|^\xff\xfb\x01\xff\xfb\x01\xff\xfb\x01\xff\xfb\x03\xff\xfd\x18\xff\xfd\x1f(?!\xff)| p/Huawei telnetd/ +softmatch telnet m|^\xff\xfd\x18\xff\xfd\x20\xff\xfd\x23\xff\xfd\x27(?!\xff)| p/Linux telnetd/ o/Linux/ cpe:/o:linux:linux_kernel/a +softmatch telnet m|^\xff\xfd\x25\xff\xfb\x01\xff\xfb\x03\xff\xfd\x27\xff\xfd\x1f\xff\xfd\x00\xff\xfb\x00(?!\xff)| p/Microsoft Telnet Service telnetd/ +softmatch telnet m|^\xff\xfd\x25\xff\xfb\x01\xff\xfd\x03\xff\xfd\x1f\xff\xfd\x00\xff\xfb\x00(?!\xff)| p/Windows NT 4.0 telnetd/ o/Windows/ cpe:/o:microsoft:windows_nt:4.0/a +softmatch telnet m|^\xff\xfb\x01\xff\xfb\x03\xff\xfb\x00\xff\xfd\x01\xff\xfd\x00(?!\xff)| p/Moxa Serial to Ethernet telnetd/ # BusyBox matches. We'll softmatch to elicit submissions with details. # IAC DO TELOPT_LFLOW was removed in 1.14.0