403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/share/nmap/scripts/eppc-enum-processes.nse
local nmap      = require('nmap')
local shortport = require('shortport')
local stdnse    = require('stdnse')
local string    = require('string')
local tab       = require('tab')

description = [[
Attempts to enumerate process info over the Apple Remote Event protocol.
When accessing an application over the Apple Remote Event protocol the
service responds with the uid and pid of the application, if it is running,
prior to requesting authentication.
]]

---
-- @usage
-- nmap -p 3031 <ip> --script eppc-enum-processes
--
-- @output
-- PORT     STATE SERVICE
-- 3031/tcp open  eppc
-- | eppc-enum-processes:
-- | application       uid  pid
-- | Address Book      501  269
-- | Facetime          501  495
-- | Finder            501  274
-- | iPhoto            501  267
-- | Photo booth       501  471
-- | Remote Buddy      501  268
-- | Safari            501  270
-- | Terminal          501  266
-- | Transmission      501  265
-- |_VLC media player  501  367
--

author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

portrule = shortport.port_or_service(3031, "eppc", "tcp", "open")

action = function( host, port )

  local socket = nmap.new_socket()
  socket:set_timeout(5000)

  local try = nmap.new_try(
    function()
      stdnse.debug1("failed")
      socket:close()
    end
  )

  -- a list of application that may or may not be running on the target
  local apps = {
    "Address Book",
    "App Store",
    "Facetime",
    "Finder",
    "Firefox",
    "Google Chrome",
    "iChat",
    "iPhoto",
    "Keychain Access",
    "iTunes",
    "Photo booth",
    "QuickTime Player",
    "Remote Buddy",
    "Safari",
    "Spotify",
    "Terminal",
    "TextMate",
    "Transmission",
    "VLC",
    "VLC media player",
  }

  local results = tab.new(3)
  tab.addrow( results, "application", "uid", "pid" )

  for _, app in ipairs(apps) do
    try( socket:connect(host, port, "tcp") )
    local data

    local packets = {
      "PPCT\0\0\0\1\0\0\0\1",
      -- unfortunately I've found no packet specifications, so this has to do
      stdnse.fromhex("e44c50525401e101")
      .. string.pack("Bs1", 225 + #app, app)
      .. stdnse.fromhex("dfdbe302013ddfdfdfdfd500"),
    }

    for _, v in ipairs(packets) do
      try( socket:send(v) )
      data = try( socket:receive() )
    end

    local uid, pid = data:match("uid=(%d+)&pid=(%d+)")
    if ( uid and pid ) then tab.addrow( results, app, uid, pid ) end

    try( socket:close() )
  end

  return "\n" .. tab.dump(results)

end

Youez - 2016 - github.com/yon3zu
LinuXploit