Re: [Full-disclosure] Solaris telnet vulnerability - how many on your network?
- To: pagvac <unknown.pentester@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Solaris telnet vulnerability - how many on your network?
- From: endrazine <endrazine@xxxxxxxxx>
- Date: Sat, 17 Feb 2007 18:43:45 +0100
Hi,
You don't want to ask nmap to determine the OS based on a port 23 scan only.
So, s/p23// in the second nmap call.
Hence:
#!/bin/bash
# solaris-telnetd-audit.sh
IPSFILE="./ips.lst"   # file containing IPs to scan
MESSAGE="possible-Solaris-telnet-server-found"
EMAIL="youremail@xxxxxxxxxx"
for IP in `cat "$IPSFILE"`
do
    echo "Trying $IP ..."
    # First pass: is 23/tcp open on this host?
    if nmap -P0 -n -p23 -sS "$IP" | grep -i open > /dev/null
    then
        # Second pass: version scan without -p23, so the match is not
        # based on the telnet port alone.
        if nmap -P0 -n -sV "$IP" | grep -i -e 'SunOS' -e 'Solaris' > /dev/null
        then
            echo "$MESSAGE -> $IP"; echo "$IP" >> "$0.results"
        fi
    fi
done
# Send one mail listing every host found.
cat "$0.results" | mail -s "$MESSAGE" "$EMAIL"
my 0.02$
Cheers,
endrazine-
pagvac wrote:
> On 2/17/07, Marcin Antkiewicz <fd@xxxxxxxxxx> wrote:
>
>> On Sat, 17 Feb 2007, pagvac wrote:
>>
>>> The following script might also help find Solaris telnet servers on
>>> your network.
>>>
>> [...]
>>
>>
>>> for IP in `cat $IPSFILE`
>>> do
>>> echo "Trying $IP ...";
>>> if nmap -P0 -n -p23 -sS $IP | grep -i open > /dev/null
>>> then
>>> if nmap -P0 -n -p23 -sV $IP | grep -ie 'SunOS' -ie 'Solaris'
>>> then
>>> echo "$MESSAGE on $IP"; echo $IP >> $0.results; echo $IP | mail -s $MESSAGE $EMAIL
>>> fi
>>> fi
>>> done
>>>
>> The output would be too noisy on a large network. A few weeks ago I ran
>>
>
> Noisy only on the screen/email output. However, notice that *only* the
> IP addresses found running Solaris telnet servers are written to the
> results file ($0.results).
>
> Perhaps we should change it to the following so that only one email is
> sent with all the IP addresses found:
>
> #!/bin/bash
>
> # solaris-telnetd-audit.sh
>
> IPSFILE="./ips.lst"; # file containing IPs to scan
> MESSAGE="possible-Solaris-telnet-server-found";
> EMAIL="youremail@xxxxxxxxxx";
>
> for IP in `cat $IPSFILE`
> do
> echo "Trying $IP ...";
> if nmap -P0 -n -p23 -sS $IP | grep -i open > /dev/null
> then
> if nmap -P0 -n -p23 -sV $IP | grep -ie 'SunOS' -ie 'Solaris' > /dev/null
> then
> echo "$MESSAGE -> $IP"; echo $IP >> $0.results;
> fi
> fi
> done
>
> cat $0.results | mail -s $MESSAGE $EMAIL
>
>
> P.S.: I personally like using genip
> [http://www.bindshell.net/tools/genip] for generating lists of IP
> addresses.
>
>
>> something that would go like this:
>>
>>
>> ( echo "Sun bxes with telnet"; \
>> nmap -n -P0 -iL list -p 23 -O -oG - | \
>> grep -Ei 'Host.+open.+(Solaris|SunOS)' | \
>> cut -d ' ' -f 2 \
>> ) | mail -s "Check those" unixadmins@xxxxxxxxxxx
>>
>>
>> --
>> Marcin Antkiewicz
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>
>
>
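A single-pass variant of the audit discussed in this thread, as an added example that is not part of any poster's message: it filters nmap grepable output (the -oG - form used in the one-liner quoted above) and reports a host only when 23/tcp itself is open and the Ports or OS field mentions Solaris or SunOS. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# solaris_telnet_hosts (hypothetical name) reads nmap grepable output
# (-oG) on stdin and prints each host where 23/tcp itself is open AND
# the Ports or OS field mentions Solaris/SunOS.
# With a real scan, using flags that appear in the thread:
#   nmap -P0 -n -sV -iL ./ips.lst -oG - | solaris_telnet_hosts
solaris_telnet_hosts() {
    awk -F '\t' '
    /^Host: / {
        split($1, h, " ")        # $1 is "Host: <addr> (<name>)"
        telnet = 0; sun = 0
        for (i = 2; i <= NF; i++) {
            # Port entries look like 23/open/tcp//telnet//<version>/
            if ($i ~ /^Ports: (.*, )?23\/open\/tcp\//) telnet = 1
            if ($i ~ /^(Ports|OS): / && tolower($i) ~ /solaris|sunos/) sun = 1
        }
        if (telnet && sun) print h[2]
    }'
}

# Constructed sample -oG lines (documentation addresses, invented banners).
sample_scan() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//SunSSH 1.1/, 23/open/tcp//telnet//Sun Solaris telnetd/\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 23/open/tcp//telnet//Linux telnetd/\tOS: Linux 2.6\n'
    # Solaris host, telnet closed: must not be reported.
    printf 'Host: 192.0.2.12 ()\tPorts: 22/open/tcp//ssh//SunSSH 1.1/, 23/closed/tcp//telnet///\tOS: Sun Solaris 10\n'
    # No telnet banner, but the OS field identifies SunOS.
    printf 'Host: 192.0.2.13 ()\tPorts: 23/open/tcp//telnet///, 111/open/tcp//rpcbind///\tOS: SunOS 5.10\n'
    # Port 2323 is not port 23.
    printf 'Host: 192.0.2.14 ()\tPorts: 2323/open/tcp//telnet//Sun Solaris telnetd/\n'
}

sample_scan | solaris_telnet_hosts
```

The 192.0.2.12 sample line (Solaris, SSH open, telnet closed) would match the pattern 'Host.+open.+(Solaris|SunOS)' once more than port 23 is scanned, which is why the filter checks the state of port 23 explicitly.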