Message-ID: <45D73ED1.7000001@gmail.com>
Date: Sat, 17 Feb 2007 18:43:45 +0100
From: endrazine <endrazine@...il.com>
To: pagvac <unknown.pentester@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Solaris telnet vulnerability - how many on your network?
Hi,
You don't want to ask nmap to determine the OS based on a port 23 scan only.
So, s/p23// in the second nmap call.
Hence:
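#!/bin/bash
# solaris-telnetd-audit.sh
IPSFILE="./ips.lst" # file containing IPs to scan
MESSAGE="possible-Solaris-telnet-server-found"
EMAIL="youremail@...ain.tld"
for IP in $(cat "$IPSFILE")
do
    echo "Trying $IP ..."
    # first pass: is TCP port 23 open at all? (-sS needs root)
    if nmap -P0 -n -p23 -sS "$IP" | grep -i open > /dev/null
    then
        # second pass: version scan without -p23, so the OS match
        # is not based on the telnet port alone
        if nmap -P0 -n -sV "$IP" | grep -ie 'SunOS' -ie 'Solaris' > /dev/null
        then
            echo "$MESSAGE -> $IP"; echo "$IP" >> "$0.results"
        fi
    fi
done
# one mail with all the hits, only if there are any
[ -s "$0.results" ] && mail -s "$MESSAGE" "$EMAIL" < "$0.results"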
my 0.02$
Cheers,
endrazine-
pagvac wrote:
> On 2/17/07, Marcin Antkiewicz <fd@...tek.org> wrote:
>
>> On Sat, 17 Feb 2007, pagvac wrote:
>>
>>> The following script might also help find Solaris telnet servers on
>>> your network.
>>>
>> [...]
>>
>>
>>> for IP in `cat $IPSFILE`
>>> do
>>> echo "Trying $IP ...";
>>> if nmap -P0 -n -p23 -sS $IP | grep -i open > /dev/null
>>> then
>>> if nmap -P0 -n -p23 -sV $IP | grep -ie 'SunOS' -ie 'Solaris'
>>> then
>>> echo "$MESSAGE on $IP"; echo $IP >> $0.results; echo $IP | mail -s $MESSAGE $EMAIL
>>> fi
>>> fi
>>> done
>>>
>> The output would be too noisy on a large network. A few weeks ago I ran
>>
>
> Noisy only on the screen/email output. However, notice that *only* the
> IP addresses found running Solaris telnet servers are written to the
> results file ($0.results).
>
> Perhaps we should change it to the following so that only one email is
> sent with all the IP addresses found:
>
> #!/bin/bash
>
> # solaris-telnetd-audit.sh
>
> IPSFILE="./ips.lst"; # file containing IPs to scan
> MESSAGE="possible-Solaris-telnet-server-found";
> EMAIL="youremail@...ain.tld";
>
> for IP in `cat $IPSFILE`
> do
> echo "Trying $IP ...";
> if nmap -P0 -n -p23 -sS $IP | grep -i open > /dev/null
> then
> if nmap -P0 -n -p23 -sV $IP | grep -ie 'SunOS' -ie 'Solaris' > /dev/null
> then
> echo "$MESSAGE -> $IP"; echo $IP >> $0.results;
> fi
> fi
> done
>
> cat $0.results | mail -s $MESSAGE $EMAIL
>
>
> P.S.: I personally like using genip
> [http://www.bindshell.net/tools/genip] for generating lists of IP
> addresses.
>
>
>> something that would go like this:
>>
>>
>> ( echo "Sun bxes with telnet"; \
>> nmap -n -P0 -iL list -p 23 -O -oG - | \
>> grep -Ei 'Host.+open.+(Solaris|SunOS)' | \
>> cut -d ' ' -f 2 \
>> ) | mail -s "Check those" unixadmins@...mple.com
>>
>>
>> --
>> Marcin Antkiewicz
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>
>
>
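Added example, not part of the original thread: once the scan covers more than port 23, a line-wide match on "open" no longer proves that telnet itself is open, so this filter reads nmap's grepable output (-oG) field by field and reports a host only when 23/tcp is open and a service version or the OS field names SunOS/Solaris. The function names and the sample scan lines are constructed for illustration.

```bash
#!/bin/bash
# Filter nmap grepable output on stdin; print each IP with telnet open
# on a host that looks like Solaris/SunOS.
solaris_telnet_hosts() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " ")                  # h[2] is the address
        telnet_open = 0; solaris = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^Ports: /) {
                n = split(substr($i, 8), ports, ", ")
                for (j = 1; j <= n; j++) {
                    # port/state/proto/owner/service/rpcinfo/version/
                    split(ports[j], p, "/")
                    if (p[1] == "23" && p[2] == "open" && p[3] == "tcp")
                        telnet_open = 1
                    if (tolower(p[7]) ~ /sunos|solaris/)
                        solaris = 1
                }
            } else if ($i ~ /^OS: / && tolower($i) ~ /sunos|solaris/) {
                solaris = 1
            }
        }
        if (telnet_open && solaris) print h[2]
    }'
}

# Constructed sample of -oG output (documentation addresses, invented banners).
sample_scan() {
    # telnet open, generic banner, OS field says Solaris -> reported
    printf 'Host: 192.0.2.10 ()\tPorts: 23/open/tcp//telnet///, 111/open/tcp//rpcbind///\tOS: Sun Solaris 10\n'
    # telnet open, but not Solaris -> ignored
    printf 'Host: 192.0.2.20 ()\tPorts: 23/open/tcp//telnet//Linux telnetd/\n'
    # Solaris with only ssh open: a line-wide "open" match would flag it
    printf 'Host: 192.0.2.30 ()\tPorts: 22/open/tcp//ssh//SunSSH 1.1/, 23/closed/tcp//telnet///\tOS: Sun Solaris 9\n'
    # telnet open, Solaris named in the service version only -> reported
    printf 'Host: 192.0.2.40 ()\tPorts: 23/open/tcp//telnet//Sun Solaris telnetd/\n'
}

# Real use, with the flags from the thread:
#   nmap -n -P0 -iL list -sV -oG - | solaris_telnet_hosts
sample_scan | solaris_telnet_hosts
```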