diff options
Diffstat (limited to 'src/usr.bin/nc/data/showmount.d')
| -rw-r--r-- | src/usr.bin/nc/data/showmount.d | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/src/usr.bin/nc/data/showmount.d b/src/usr.bin/nc/data/showmount.d new file mode 100644 index 0000000000..499794bc8a --- /dev/null +++ b/src/usr.bin/nc/data/showmount.d | |||
| @@ -0,0 +1,63 @@ | |||
| 1 | # UDP mountd call. Use as input to find mount daemons and avoid portmap. | ||
| 2 | # Useful proc numbers are 2, 5, and 6. | ||
| 3 | # UDP-scan around between 600-800 to find most mount daemons. | ||
| 4 | # Using this with "2", plugged into "nc -u -v -w 2 victim X-Y" will | ||
| 5 | # directly scan *and* dump the current exports when mountd is hit. | ||
| 6 | # combine stdout *and* stderr thru "strings" or something to clean it up | ||
| 7 | |||
| 8 | 000 # XID: 4 trash bytes | ||
| 9 | 001 | ||
| 10 | 002 | ||
| 11 | 003 | ||
| 12 | |||
| 13 | 000 # CALL: 0 | ||
| 14 | 000 | ||
| 15 | 000 | ||
| 16 | 000 | ||
| 17 | |||
| 18 | 000 # RPC version: 2 | ||
| 19 | 000 | ||
| 20 | 000 | ||
| 21 | 002 | ||
| 22 | |||
| 23 | 000 # mount: 100005 | ||
| 24 | 001 | ||
| 25 | 0x86 | ||
| 26 | 0xa5 | ||
| 27 | |||
| 28 | 000 # mount version: 1 | ||
| 29 | 000 | ||
| 30 | 000 | ||
| 31 | 001 | ||
| 32 | |||
| 33 | 000 # procedure number -- put what you need here: | ||
| 34 | 000 # 2 = dump [showmount -e] | ||
| 35 | 000 # 5 = exportlist [showmount -a] | ||
| 36 | xxx # "sed s/xxx/$1/ | data -g | nc ..." or some such... | ||
| 37 | |||
| 38 | 000 # port: junk | ||
| 39 | 000 | ||
| 40 | 000 | ||
| 41 | 000 | ||
| 42 | |||
| 43 | 000 # auth trash | ||
| 44 | 000 | ||
| 45 | 000 | ||
| 46 | 000 | ||
| 47 | |||
| 48 | 000 # auth trash | ||
| 49 | 000 | ||
| 50 | 000 | ||
| 51 | 000 | ||
| 52 | |||
| 53 | 000 # auth trash | ||
| 54 | 000 | ||
| 55 | 000 | ||
| 56 | 000 | ||
| 57 | |||
| 58 | 000 # extra auth trash? probably not needed | ||
| 59 | 000 | ||
| 60 | 000 | ||
| 61 | 000 | ||
| 62 | |||
| 63 | # that's it! | ||