PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-31 20:09:02 +00:00
Code Issues Projects Releases Wiki Activity

o Replaced kibuvDetection.nse with version detection match lines which

Browse Source 
work better than the script. [Kris, Brandon]
This commit is contained in:
kris
2008-05-25 23:30:21 +00:00
parent 71a29d4e2d
commit ee876ada98
4 changed files with 6 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
scripts/kibuvDetection.nse
View File

@@ -1,37 +0,0 @@
id = "Kibuv worm"
description = "\
A fake FTP server was installed by the KIBUV.B worm \
on this port. This worm uses known security flaws to \
infect the system. \
\
This machine may already be a 'zombi' used by crackers \
to perform distributed denial of service. \
\
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KIBUV.B&VSect=T"
author = "Diman Todorov <diman.todorov@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"malware"}
require "shortport"
portrule = shortport.port_or_service({7955, 14920, 42260}, "ftp")
action = function(host, port)
local socket = nmap.new_socket()
socket:connect(host.ip, port.number)
local status, s = socket:receive_lines(1)
if string.match(s, "220 StnyFtpd 0wns j0")
or
string.match(s, "220 fuckFtpd 0wns j0")
then
return "Suspecting that the host is KIBUV.B infected"
end
return
end

3
scripts/script.db
View File

@@ -10,7 +10,7 @@ Entry{ category = "version", filename = "PPTPversion.nse" }
Entry{ category = "backdoor", filename = "RealVNC_auth_bypass.nse" }
Entry{ category = "demo", filename = "SMTP_openrelay_test.nse" }
Entry{ category = "discovery", filename = "SMTPcommands.nse" }
Entry{ category = "intrusive", filename = "SMTPcommands.nse" }
Entry{ category = "safe", filename = "SMTPcommands.nse" }
Entry{ category = "discovery", filename = "SNMPsysdesr.nse" }
Entry{ category = "safe", filename = "SNMPsysdesr.nse" }
Entry{ category = "vulnerability", filename = "SQLInject.nse" }
@@ -28,7 +28,6 @@ Entry{ category = "intrusive", filename = "ftpbounce.nse" }
Entry{ category = "version", filename = "iax2Detect.nse" }
Entry{ category = "discovery", filename = "ircServerInfo.nse" }
Entry{ category = "malware", filename = "ircZombieTest.nse" }
Entry{ category = "malware", filename = "kibuvDetection.nse" }
Entry{ category = "discovery", filename = "nbstat.nse" }
Entry{ category = "safe", filename = "nbstat.nse" }
Entry{ category = "version", filename = "netbios-smb-os-discovery.nse" }