cqure.net

Archive for November, 2009

Nmap NFS export script update

Thursday, November 26th, 2009

I cleaned up and documented the script some more. The packets sent to the server over UDP and TCP now both have NULL_AUTH credentials. The new version is available here.


Nmap Citrix script updated

Wednesday, November 25th, 2009

So, my friend Ian Vitek enlightened me again. Apparently, when the published application list is long, it’s split up into multiple packets and the client needs to keep reading them until the magic byte at offset 31 is toggled to 1. I have adjusted my script so that it checks for this and prints a [...]


Two more nmap scripts

Tuesday, November 24th, 2009

Lua turned out to be quite entertaining so I have spent some time coding some more scripts for Nmap. The first script I finished was nfs-showmount.nse which can be used to query a remote server for any NFS shares: nmap --script nfs-showmount -p 111 192.168.56.50 Interesting ports on yoda.localdomain (192.168.56.50): PORT    STATE SERVICE 111/tcp open  [...]


Cracking SIP with John the Ripper

Sunday, November 22nd, 2009

I just finished a patch against Romain Raboin’s HTTP Digest authentication patch for John the Ripper. Romain’s patch is also included in the jumbo patch available from the John the Ripper main page. The patch I made is very small and simply checks if the Quality of Protection (qop) parameter was supplied in the input [...]


Nmap SIP version script 0.3

Sunday, November 22nd, 2009

I made another change (hopefully the last) which adds the local IP address to the SIP Via header instead of the hard-coded dummy address I was using. The new version is available for download here. For more details on how to use the script, check the first article over here.
