Hi,
you dont want to ask nmap to determine the OS based on port 23 scan only.
so, s/p23// in the second nmap call.
hence:
#!/bin/bash
# solaris-telnetd-audit.sh
IPSFILE=./ips.lst; # file containing IPs to scan
MESSAGE=possible-Solaris-telnet-server-found;
EMAIL=[EMAIL PROTECTED];
for IP in
Hello Endrazine!
That's more complete but more slow at the same time due to service
fingerprinting being launched against 1665 ports rather than just one.
However, increasing the chance of finding a vulnerable target it's a
good idea. Thanks! :-)
Here is version 0.03 of solaris-telnetd-audit.sh,
On Sat, 17 Feb 2007, endrazine wrote:
Hi,
you dont want to ask nmap to determine the OS based on port 23 scan only.
so, s/p23// in the second nmap call.
That would run through nmap's list of default ports (2000). OS guess
needs one closed, and one open port to be effective.
I will supply
The following script might also help find Solaris telnet servers on
your network.
Note: I give no guarantees that it will work
# solaris-telnetd-audit.sh
IPSFILE=./ip-addresses.lst;
MESSAGE=possible Sun Solaris telned found;
EMAIL=[EMAIL PROTECTED];
for IP in `cat $IPSFILE`
do
echo
On 2/17/07, Marcin Antkiewicz [EMAIL PROTECTED] wrote:
On Sat, 17 Feb 2007, pagvac wrote:
The following script might also help find Solaris telnet servers on
your network.
[...]
for IP in `cat $IPSFILE`
do
echo Trying $IP ...;
if nmap -P0 -n -p23 -sS $IP | grep -i
-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Solaris telnet vulnberability - how many on
yournetwork?
Johannes Ullrich from the SANS ISC sent this to me and then I saw it on
the DSHIELD list:
If you run Solaris, please check if you got telnet enabled NOW. If
you
can, block port 23
If you run Solaris, please check if you got telnet enabled NOW.
Simple test :
nmap -sV -oG - -p23 your.net/cidr |grep Sun Solaris
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
___
Full-Disclosure - We believe in it.
Charter:
On 2/12/07, Michael Holstein [EMAIL PROTECTED] wrote:
If you run Solaris, please check if you got telnet enabled NOW.
Simple test :
nmap -sV -oG - -p23 your.net/cidr |grep Sun Solaris
Note that this bug was introduced in Solaris 10, earlier versions are
*not* vulnerable.
Kevin