Tag Archives: apple

Detecting Apple Mac OS X AFP vulnerability CVE-2010-0533 with Nmap

During the development of my AFP library for Nmap I came a cross a critical vulnerability in Apple’s implementation of AFP on Snow Leopard. The vulnerability occurs due to improper input validation and allows an attacker to access (list, read, and/or write) files in the parent directory of any AFP sharepoint.

Continue reading

New scripts added to Nmap svn

Two more scripts of my scripts were added to the development release of nmap, afp-showmount and dns-service-discovery. You can try them out either by downloading them from the nmap-scripts page or by checking out the latest development release over here.

DAAP script for nmap

I’ve added a script that queries a DAAP service for it’s library. Depending on the version of the service it then attempts to query it for for a list of artists, albums and songs. It’s available, together with more other scripts, over at the nmap-scripts page.

Here’s a sample output when running against the Firefly Media Server:

| daap-get-library:
|   BUBBA|TWO
|     Fever Ray
|       Fever Ray (Deluxe Edition)
|         Concrete Walls
|         I’m Not Done
|         Here Before
|         Now’s The Only Time I Know
|         Stranger Than Kindness
|         Dry And Dusty
|         Keep The Streets Empty For Me
|         Triangle Walks
|         If I Had A Heart
|         Seven
|         When I Grow Up
|_       Coconut

New nmap script afp-showmount

I finished yet another Nmap script that allows for listing of AFP shares and their ACLs. The script currently does so as the public user and does not support authentication at the moment. The script is available from the nmap-script page. Here’s some sample output of the script being run against one of my test systems.

PORT    STATE SERVICE
548/tcp open  afp
| afp-showmount:
|     Yoda’s Public Folder
|       Owner: Search,Read,Write
|       Group: Search,Read
|       Everyone: Search,Read
|       User: Search,Read
|     Vader’s Public Folder
|       Owner: Search,Read,Write
|       Group: Search,Read
|       Everyone: Search,Read
|_      User: Search,Read