
EFTP installation directory disclosure
Not very interesting in itself, but the same check may also work against other FTP servers...






# This script was written by Michel Arboi <arboi@bigfoot.com>
#
# GPL
#
# References:
# Date: Wed, 12 Sep 2001 04:36:22 -0700 (PDT)
# From: "ByteRage" <byterage@yahoo.com>
# Subject: EFTP Version 2.0.7.337 vulnerabilities
# To: bugtraq@securityfocus.com
#

# Registration branch: when the scanner loads the plugin with
# `description` set, it only records metadata and exits.
if (description)
{
#script_id(11082);
  script_version("$Revision$");

  # Plugin name and one-line summary (English / French), passed inline
  # rather than through temporary arrays.
  script_name(english:"EFTP installation directory disclosure ",
              francais:"EFTP révèle le répertoire d'installation");

  script_description(english:"
The remote FTP server can be used to determine the
installation directory by sending a request on an
unexisting file.

An attacker may use this flaw to gain more knowledge about
this host, such as its filesystem layout.

Solution : update your FTP server
Risk factor : Low",
                     francais:"
Le serveur FTP distant peut révéler son répertoire
d'installation en répondant à une requête sur un
fichier non existant.

Un pirate peut utiliser ce problème pour obtenir
plus d'informations sur ce système, comme la hiérarchie
de fichiers mise en place.

Solution : mettez votre serveur FTP à jour
Facteur de risque : Faible");

  script_summary(english:"EFTP installation directory disclosure",
                 francais:"EFTP révèle son répertoire d'installation");

  # Information gathering only: the check reads server replies, it does
  # not attempt to disrupt the service.
  script_category(ACT_GATHER_INFO);

  script_copyright(english:"This script is Copyright (C) 2002 Michel Arboi",
                   francais:"Ce script est Copyright (C) 2002 Michel Arboi");

  script_family(english:"FTP", francais:"FTP");

  # Needs the FTP service located and an FTP login in the knowledge base
  # before the probe below is worth running.
  script_dependencie("find_service.nes", "ftp_anonymous.nasl");
  script_require_ports("Services/ftp", 21);
  script_require_keys("ftp/login");
  exit(0);
}

#

# Probe: log in, request a file name that should not exist, and look for
# a Windows drive path (e.g. ' C:\' ) echoed back in the error reply.

# FTP commands tried, each against a randomised bogus file name.
probes[0] = "GET";
probes[1] = "MDTM";

# FTP port from the knowledge base, falling back to the standard one.
port = get_kb_item("Services/ftp");
if (! port) port = 21;

# Credentials from the knowledge base; default to an anonymous login.
login = get_kb_item("ftp/login");
pass = get_kb_item("ftp/password");
if (! login) login = "ftp";
if (! pass) pass = "nessus@nessus.com";

if (! get_port_state(port)) exit(0);

soc = open_sock_tcp(port);
if (! soc) exit(0);

if (ftp_log_in(socket:soc, user:login, pass:pass))
{
  idx = 0;
  while (idx < 2)
  {
    probe = string(probes[idx], " nessus", rand(), "\r\n");
    send(socket:soc, data:probe);
    reply = recv(socket:soc, length:4096);

    # A single-quoted absolute path with a drive letter C..Z in the reply
    # means the server leaked its installation directory.
    if (ereg(string:reply, pattern:" '[C-Z]:\\'"))
    {
      security_warning(port);
      # One hit is enough: push the index past the bound to leave the loop.
      idx = 2;
    }
    idx = idx + 1;
  }
}

# Always say goodbye politely, whether or not the login succeeded.
send(socket:soc, data:string("QUIT\r\n"));
close(soc);