Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File qconn-exec

Script types: portrule
Categories: intrusive, exploit, vuln
Download: http://nmap.org/svn/scripts/qconn-exec.nse

User Summary

Attempts to identify whether a listening QNX QCONN daemon allows unauthenticated users to execute arbitrary operating system commands.

QNX is a commercial Unix-like real-time operating system, aimed primarily at the embedded systems market. The QCONN daemon is a service provider that provides support, such as profiling system information, to remote IDE components. The QCONN daemon runs on port 8000 by default.

For more information about QNX QCONN, see:

Script Arguments

qconn-exec.cmd

Set the operating system command to execute. The default value is "uname -a".

qconn-exec.timeout

Set the timeout in seconds. The default value is 60.

qconn-exec.bytes

Set the number of bytes to retrieve. The default value is 1024.

unittest.run

See the documentation for the unittest library.

vulns.showall

See the documentation for the vulns library.

Example Usage

nmap --script qconn-exec --script-args qconn-exec.timeout=60,qconn-exec.bytes=1024,qconn-exec.cmd="uname -a" -p <port> <target>

Script Output

PORT     STATE SERVICE VERSION
8000/tcp open  qconn   qconn remote IDE support
| qconn-exec:
|   VULNERABLE:
|   The QNX QCONN daemon allows remote command execution.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       The QNX QCONN daemon allows unauthenticated users to execute arbitrary operating
|       system commands as the 'root' user.
|
|     References:
|       http://www.fishnetsecurity.com/6labs/blog/pentesting-qnx-neutrino-rtos
|_      http://metasploit.org/modules/exploit/unix/misc/qnx_qconn_exec

Requires


Author: Brendan Coles

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]