The imap-capabilities script is mostly feature-complete but I could
see adding some analysis code to warn users of non-SSL'd IMAP servers
that offer STARTTLS without NOLOGIN.
The imap "library" is really a joke. It does the minimum required to
support getting capabilities and nothing more. IMAP requires each
command to use a unique identifier like 000, 001, 002, etc. Right now
the identifier is hardcoded to a001. To make a real imap library that
supports logging in and other IMAP features, a state variable will
have to be maintained to change the command uid. It would be nice to
see the library get updated so that IMAP brute-forcing could be
supported.
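Added example, not part of the original commit message or of Nmap's code: a Python sketch (not NSE Lua) of the two ideas above, a per-connection state variable that changes the command tag and the proposed warning for cleartext servers that offer STARTTLS while still accepting LOGIN. It assumes the capability the message calls NOLOGIN is LOGINDISABLED from RFC 3501; the names TagGenerator, parse_capability_reply and plaintext_login_warnings and the sample replies are hypothetical.

```python
import itertools


class TagGenerator:
    """Per-connection state that yields a fresh tag for every command."""

    def __init__(self, prefix="a"):
        self._prefix = prefix
        self._counter = itertools.count(1)

    def next(self):
        return "%s%03d" % (self._prefix, next(self._counter))


def parse_capability_reply(reply, tag):
    """Return the capability set from a CAPABILITY reply, or raise ValueError."""
    caps, completed = set(), False
    for line in reply.split("\r\n"):
        words = line.split()
        if words[:2] == ["*", "CAPABILITY"]:
            # Untagged data line: everything after the keyword is a capability.
            caps.update(w.upper() for w in words[2:])
        elif len(words) >= 2 and words[0] == tag:
            # Tagged completion must carry the tag we sent and report OK.
            if words[1].upper() != "OK":
                raise ValueError("CAPABILITY failed: " + line)
            completed = True
    if not completed:
        raise ValueError("no tagged completion for " + tag)
    return caps


def plaintext_login_warnings(caps, tls_wrapped):
    """Warn when a non-SSL session offers STARTTLS but still accepts LOGIN."""
    if tls_wrapped or "LOGINDISABLED" in caps or "STARTTLS" not in caps:
        return []
    return ["STARTTLS offered but LOGINDISABLED missing: "
            "LOGIN is accepted before TLS is negotiated"]


# Constructed sample replies (not captured from a real server).
WEAK = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\na001 OK CAPABILITY completed\r\n"
STRICT = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na002 OK CAPABILITY completed\r\n"

if __name__ == "__main__":
    tags = TagGenerator()
    for reply in (WEAK, STRICT):
        caps = parse_capability_reply(reply, tags.next())
        print(sorted(caps), plaintext_login_warnings(caps, tls_wrapped=False))
```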
with the struct (bin) library available:
function hextobin(str) return bin.pack("H", str) end
function bintohex(str) return bin.unpack("H", str) end
Also removed a commented copy that was in the sniffer-detect.nse script.
1) Checks if the root folder is protected and aborts if it is (we can't scan folders if the root folder is protected)
2) Checks if WebDAV is enabled on the server and aborts if it isn't. The check works on IIS 5, 5.1, and 6.0 (hasn't been tested on others)
3) Added support for finding the vulnerability on IIS 5.1 (Windows XP) -- 5.0 doesn't appear to be vulnerable in our tests
messages. Instead of handling an error nicely, it caused a format string
error of its own:
./nselib/stdnse.lua:61: bad argument #3 to 'format' (string expected, got nil)
It seems that a deadlock happens immediately after one of these errors
occurs. This change doesn't fix the deadlock but allows the underlying
error message to be printed.
error at the wrong level, so not all possible errors were being run through the
help table. Specifically, errors returned by msrpc.start_smb and msrpc.bind, which
included at least NT_STATUS_OBJECT_NAME_NOT_FOUND, didn't get the explanatory
text. I made a mistake in testing the error reporting the first time around.
check in smb-check-vulns.nse: NT_STATUS_OBJECT_NAME_NOT_FOUND and
NT_STATUS_ACCESS_DENIED. Ron and I found the best explanations for these
that we could. There is another error, NT_STATUS_NOT_SUPPORTED, which is
less common than these but has been observed. We still don't have a clue
as to the cause of that one.