From f51f1b0154465271944e3e779c6db0a1511536c6 Mon Sep 17 00:00:00 2001
From: kris
Date: Tue, 13 Apr 2010 05:13:49 +0000
Subject: [PATCH] Add "username" and "password" script args to ftp-bounce.nse

It has scoped args in the straight form of "ftp-bounce." which is apparently how this works now (at least what other scripts seem to use) instead of using actual subtables like in http://seclists.org/nmap-dev/2008/q2/567
---
 CHANGELOG | 3 +++
 scripts/ftp-bounce.nse | 29 +++++++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index a759d8346..b6f2d9054 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added script arguments "username" and "password" to ftp-bounce
+ to override the default anonymous:IEUser@ login combination. [Kris]
+
 o [Zenmap] Made IP addresses be sorted by octet, not by their string representation. For example, 10.1.1.2 is now sorted before 10.1.1.10, when it was the opposite before. This was reported by
diff --git a/scripts/ftp-bounce.nse b/scripts/ftp-bounce.nse
index 10854ea62..eb495e12b 100644
--- a/scripts/ftp-bounce.nse
+++ b/scripts/ftp-bounce.nse
@@ -5,6 +5,9 @@ author = "Marek Majkowski"
 license="Same as Nmap--See http://nmap.org/book/man-legal.html"
 ---
+-- @args ftp-bounce.username Username to login with instead of "anonymous"
+-- @args ftp-bounce.password Password to login with instead of "IEUser@"
+--
 -- @output
 -- PORT STATE SERVICE
 -- 21/tcp open ftp
@@ -72,6 +75,27 @@ get_ftp_code = function(socket)
 return fcode
 end
 
+local get_login = function()
+ local user, pass
+ local k
+
+ for _, k in ipairs({"ftp-bounce.username", "username"}) do
+ if nmap.registry.args[k] then
+ user = nmap.registry.args[k]
+ break
+ end
+ end
+
+ for _, k in ipairs({"ftp-bounce.password", "password"}) do
+ if nmap.registry.args[k] then
+ pass = nmap.registry.args[k]
+ break
+ end
+ end
+
+ return user or "anonymous", pass or "IEUser@"
+end
+
 action = function(host, port)
 local socket = nmap.new_socket()
 local result;
@@ -79,6 +103,7 @@ action = function(host, port)
 local isAnon = false
 local isOk = false
 local sendPass = true
+ local user, pass = get_login()
 local fc
 
 socket:set_timeout(10000)
@@ -105,7 +130,7 @@ action = function(host, port)
 socket:set_timeout(5000)
 
 -- USER
- socket:send("USER anonymous\r\n")
+ socket:send("USER " .. user .. "\r\n")
 fc = get_ftp_code(socket)
 if (fc >= 400 and fc <= 499) or (fc >= 500 and fc <= 599) then
 socket:close()
@@ -130,7 +155,7 @@ action = function(host, port)
 -- PASS
 if sendPass then
- socket:send("PASS IEUser@\r\n")
+ socket:send("PASS " .. pass .. "\r\n")
 fc = get_ftp_code(socket)
 if (fc >= 500 and fc <= 599) or (fc >= 400 and fc <= 499) then
 socket:close()
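Review bot: get_login() hands the script-arg values back unchecked, and the USER and PASS hunks below (`@@ -105,7 +130,7 @@` and `@@ -130,7 +155,7 @@`) splice them straight into `"USER " .. user .. "\r\n"` and `"PASS " .. pass .. "\r\n"`; a value containing CR or LF would go out as an extra line, after which get_ftp_code's reading of the reply is out of step with the server, and because an empty string is truthy in Lua, `user or "anonymous"` would send a bare `USER ` rather than fall back. Reject both cases where the value is read, e.g. `if user and (user == "" or user:find("[\r\n]")) then error("ftp-bounce.username must be non-empty and contain no line breaks") end`, with the same check for pass. The `local k` at the top of get_login is dead — each `for _, k in ipairs(...)` declares its own `k` — so that line can be dropped. The unscoped fallback keys `"username"` and `"password"` are not mentioned in the `@args` block added in the first hunk of this file; either document them there or drop the fallback so the usage text matches what the script accepts.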