unmanarc remote control server detection.plugin

全面网络扫描器VB源代码 很实用

<plugin_id>340</plugin_id>
<plugin_name>Unmanarc Remote Control Server detection</plugin_name>
<plugin_family>Backdoors</plugin_family>
<plugin_created_date>2005/01/09</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc.ruef at computec.ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_version>1.0</plugin_version>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>3360</plugin_port>
<plugin_procedure_detection>open|sleep|send iux\n|sleep|close|pattern_exists $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$</plugin_procedure_detection>
<plugin_detection_accuracy>90</plugin_detection_accuracy>
<plugin_comment>The NASL script is Copyright(C) 9/2004 J.Mlodzianowski</plugin_comment>
<bug_produced_name>Unmanarc</bug_produced_name>
<bug_affected>Unmanarc Remote Control Server</bug_affected>
<bug_not_affected>Other solutions</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>This host appears to be running URCS Server. Unmanarc Remote Control Server can be used/installed silent as a 'backdoor' which may allow an intruder to gain remote access to files on the remote system. If this program was not installed for remote management then it means the remote host has been compromised. An attacker may use it to steal files, passwords, or redirect ports on the remote system to launch other attacks.</bug_description>
<bug_solution>See http://www.rapter.net/jm5.htm</bug_solution>
<bug_fixing_time>Approx. 1 hour</bug_fixing_time>
<bug_exploit_availability>Maybe</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>High</bug_severity>
<bug_popularity>6</bug_popularity>
<bug_simplicity>9</bug_simplicity>
<bug_impact>9</bug_impact>
<bug_risk>8</bug_risk>
<bug_nessus_risk>High</bug_nessus_risk>
<bug_check_tool>Nessus can check this flaw with the plugin 15405 (URCS Server Detection).</bug_check_tool>
<source_nessus_id>15405</source_nessus_id>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://securityresponse.symantec.com/avcenter/venc/data/backdoor.urcs.html</source_misc>