https://t.me/RX1948
Server : Apache/2.4.18 (Ubuntu)
System : Linux canvaswebdesign 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64
User : oppastar ( 1041)
PHP Version : 7.0.33-0ubuntu0.16.04.15
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //usr/share/nmap/scripts/netbus-auth-bypass.nse
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Checks if a NetBus server is vulnerable to an authentication bypass
vulnerability which allows full access without knowing the password.

For example a server running on TCP port 12345 on localhost with
this vulnerability is accessible to anyone. An attacker could
simply form a connection to the server ( ncat -C 127.0.0.1 12345 )
and login to the service by typing Password;1; into the console.
]]

---
-- @usage
-- nmap -p 12345 --script netbus-auth-bypass <target>
--
-- @output
-- 12345/tcp open  netbus
-- |_netbus-auth-bypass: Vulnerable

author = "Toni Ruottu"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"auth", "safe", "vuln"}


dependencies = {"netbus-version", "netbus-brute", "netbus-info"}

portrule = shortport.port_or_service (12345, "netbus", {"tcp"})

action = function( host, port )

  local socket = nmap.new_socket()
  local status, err = socket:connect(host, port)
  if not status then
    return
  end
  local buffer, _ = stdnse.make_buffer(socket, "\r")
  _ = buffer()
  if not (_ and _:match("^NetBus")) then
    stdnse.debug1("Not NetBus")
    return nil
  end

  -- The first argument of Password is the super-login bit.
  -- On vulnerable servers any password will do as long as
  -- we send the super-login bit. Regular NetBus has only
  -- one password. Thus, if we can login with two different
  -- passwords using super-login, the server is vulnerable.

  socket:send("Password;1;\r") --password: empty
  if buffer() ~= "Access;1" then
    return
  end
  socket:send("Password;1; \r") --password: space
  if buffer() == "Access;1" then
    return "Vulnerable"
  end
  return "Not vulnerable, but password is empty"
end

https://t.me/RX1948 - 2025