| author | Upstream <upstream-import@none> | 1970-01-12 13:46:40 +0000 |
|---|---|---|
| committer | Upstream <upstream-import@none> | 1970-01-12 13:46:40 +0000 |
| commit | d102598c3989239d749b86b0f49fa54554f54402 (patch) | |
| tree | a567c6b8ee7da3d0bb6f677a9bd50bf5c06e469e /data/showmount.d | |
| download | netcat-d102598c3989239d749b86b0f49fa54554f54402.tar.gz | |
external/netcat 110upstream/110
Diffstat (limited to 'data/showmount.d')
-rw-r--r-- | data/showmount.d | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/data/showmount.d b/data/showmount.d new file mode 100644 index 0000000..499794b --- /dev/null +++ b/data/showmount.d @@ -0,0 +1,63 @@ +# UDP mountd call. Use as input to find mount daemons and avoid portmap. +# Useful proc numbers are 2, 5, and 6. +# UDP-scan around between 600-800 to find most mount daemons. +# Using this with "2", plugged into "nc -u -v -w 2 victim X-Y" will +# directly scan *and* dump the current exports when mountd is hit. +# combine stdout *and* stderr thru "strings" or something to clean it up + +000 # XID: 4 trash bytes +001 +002 +003 + +000 # CALL: 0 +000 +000 +000 + +000 # RPC version: 2 +000 +000 +002 + +000 # mount: 100005 +001 +0x86 +0xa5 + +000 # mount version: 1 +000 +000 +001 + +000 # procedure number -- put what you need here: +000 # 2 = dump [showmount -e] +000 # 5 = exportlist [showmount -a] +xxx # "sed s/xxx/$1/ | data -g | nc ..." or some such... + +000 # port: junk +000 +000 +000 + +000 # auth trash +000 +000 +000 + +000 # auth trash +000 +000 +000 + +000 # auth trash +000 +000 +000 + +000 # extra auth trash? probably not needed +000 +000 +000 + +# that's it! |
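Review bot: the showmount annotations in the procedure-number block are swapped and the labels on the trailing words do not describe what those bytes are. "2 = dump [showmount -e]" and "5 = exportlist [showmount -a]" pair each procedure with the wrong flag: showmount -e prints the export list and showmount -a prints the dump of mounted clients, so the brackets should read "2 = dump [showmount -a]" and "5 = exportlist [showmount -e]". After the procedure number an RPC call carries no port field; the word labelled "port: junk" and the three "auth trash" words are the AUTH_NULL credential and verifier (flavor 0, body length 0, flavor 0, body length 0) that the "CALL: 0" / "RPC version: 2" / program / version / procedure header requires, so label them cred flavor, cred length, verf flavor, verf length, and say that the fifth word ("extra auth trash? probably not needed") is padding past the end of the message that neither procedure needs. The header comment also advertises "Useful proc numbers are 2, 5, and 6" while the body documents only 2 and 5; either add a line for 6 or drop it from the header so the two comments agree. Finally, the "xxx" placeholder means the file cannot be fed to "data -g" unedited; the sed hint sits on that line, but the usage comment at the top should say the substitution is mandatory.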