This host appears to be running RemoteNC on this port
RemoteNC is a Backdoor which allows an intruder gain remote control of your computer.
An attacker may use it to steal your passwords.
#
# This script was written by Joseph Mlodzianowski <[email protected]>
# thanks to H.D.Moore
#
#
include("compat.inc");
if(description)
{
script_id(11855);
script_version ("$Revision: 1.11 $");
script_cvs_date("$Date: 2016/11/23 20:31:32 $");
# script_cve_id("CVE-2003-00002");
name["english"] = "RemoteNC Backdoor Detection";
script_name(english:name["english"]);
script_set_attribute(attribute:"synopsis", value:
"The remote host has been compromised." );
script_set_attribute(attribute:"description", value:
"This host appears to be running RemoteNC on this port
RemoteNC is a Backdoor which allows an intruder gain
remote control of your computer.
An attacker may use it to steal your passwords." );
script_set_attribute(attribute:"solution", value:
"Visit the see_also URL for details on removal.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
# http://web.archive.org/web/20050418011325/http://www.rapter.net/jm2.htm
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?10e4148e");
script_set_attribute(attribute:"plugin_publication_date", value: "2003/09/29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
summary["english"] = "Determines the presence of RemoteNC";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2003-2016 J.Mlodzianowski");
family["english"] = "Backdoors";
script_family(english:family["english"]);
script_dependencie("find_service1.nasl", "JM_FsSniffer.nasl");
exit(0);
}
#
# The code starts here
#
include("misc_func.inc");
port = get_kb_item("Services/RemoteNC");
if (!port) exit(0);
if(!get_port_state(port))exit(0);
soc = open_sock_tcp(port);
if(!soc) exit(0);
r = recv(socket:soc, min:1, length:30);
if(!r) exit(0);
if("RemoteNC Control Password:" >< r) security_hole(port);