Tag Archives: afp

Detecting Apple Mac OS X AFP vulnerability CVE-2010-0533 with Nmap

During the development of my AFP library for Nmap I came a cross a critical vulnerability in Apple’s implementation of AFP on Snow Leopard. The vulnerability occurs due to improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.

Continue reading

New scripts added to Nmap svn

Two more scripts of my scripts were added to the development release of nmap, afp-showmount and dns-service-discovery. You can try them out either by downloading them from the nmap-scripts page or by checking out the latest development release over here.

New nmap script afp-showmount

I finished yet another Nmap script that allows for listing of AFP shares and their ACLs. The script currently does so as the public user and does not support authentication at the moment. The script is available from the nmap-script page. Here’s some sample output of the script being run against one of my test systems.

PORT    STATE SERVICE
548/tcp open  afp
| afp-showmount:
|     Yoda’s Public Folder
|       Owner: Search,Read,Write
|       Group: Search,Read
|       Everyone: Search,Read
|       User: Search,Read
|     Vader’s Public Folder
|       Owner: Search,Read,Write
|       Group: Search,Read
|       Everyone: Search,Read
|_      User: Search,Read