Yesterday, I posted an article about a Nmap script to detect potentially vulnerable Microsoft IIS FTP servers.
I updated the script which now allows an alternative FTP user and password pair to be passed via the command line (thanks to Chris for the comment). If no arguments are provided, an anonymous FTP session will be started.
Example:
# nmap -p 21 -sV --script=IIS-FTP --scriptargs=ftpuser=foo,ftppass=bar 10.0.0.7
The script location remains the same.
Hello Ron,
No problem of course! Feel free to reuse and blog!
Hey,
I made some seriously updates to your script, and would like to include it with Nmap (if Fyodor and others agree). Any thoughts?
Here’s my version:
http://www.skullsecurity.org/blogdata/ftp-capabilities.nse
Yours had a bug in it that would prevent it from running on the latest versions of Nmap: the isVuln variable was never declared, so when it was read the script would fail. I fixed that, changed the network i/o, changed how it looks for things, etc.
I wrote about it here (I kept getting questions from people that couldn’t work your script, so I figured I’d write a blog):
http://www.skullsecurity.org/blog/?p=345
Thanks!
Ron
I tried to run the script but it doesn’t show if is vulnerable or not.
Thanks.
Hi,
I tried your script but no result: Im using XP SP1 IIS 5
The result did not displayed if the FTP is vulnerable or not
issue this command: nmap -p 21 -sV –script IIS-FTP 192.168.41.4
Result:
tarting Nmap 5.00 ( http://nmap.org ) at 2009-09-06 14:14 CST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using –system-dns or specify valid servers with –dns-servers
Interesting ports on 192.168.41.4:
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
MAC Address: 08:00:27:B5:C1:E9 (Cadmus Computer Systems)
Service Info: OS: Windows
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 5.53 seconds