Added double pulsar vuln detection nse. #854

Closed: wants to merge 4 commits into base: master

4 participants

xorrbit commented Apr 18, 2017

This is a detection script for the double pulsar backdoor that was leaked by the Shadow Brokers at https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation

It is based on the Python detection script at https://github.com/countercept/doublepulsar-detection-script

This has been tested on two machines implanted with double pulsar, along with a few unaffected machines, with all results being as expected.

cldrn commented Apr 18, 2017

Very nice!

@dmiller-nmap

Rename to smb-double-pulsar-backdoor for consistency as this is not a "vuln" in the classic sense. I can make cleanup changes like this myself but at least I want answers to a couple of the questions.

Varunram commented Apr 18, 2017

I don't know whether it's really important (or maybe Dan skipped it for a reason), but it'd be amazing if you could replace the bin.pack call with a string.pack call (again, Lua 5.3).

xorrbit commented Apr 18, 2017

These commits should take care of the issues mentioned so far, and responses to the questions are inline.


dmiller-nmap commented Apr 18, 2017

@Varunram For a time-sensitive thing like this, I wasn't going to push too hard to change the string packing.
@xorrbit I'll check out the changes and try to merge this right away.

@nmap-bot nmap-bot closed this in 214d527 Apr 18, 2017
