Script ventrilo-info

Script types: portrule
Categories: default, discovery, safe, version
Download: https://svn.nmap.org/nmap/scripts/ventrilo-info.nse

Script Summary

Detects the Ventrilo voice communication server service versions 2.1.2 and above and tries to determine version and configuration information. Some of the older versions (pre 3.0.0) may not have the UDP service that this probe relies on enabled by default.

The Ventrilo server listens on a TCP (voice/control) and an UDP (ping/status) port with the same port number (fixed to 3784 in the free version, otherwise configurable). This script activates on both a TCP and UDP port version scan. In both cases probe data is sent only to the UDP port because it allows for a simple and informative status command as implemented by the ventrilo_status.exe executable which has shipped alongside the Windows server package since version 2.1.2 when the UDP status service was implemented.

When run as a version detection script (-sV), the script will report on the server version, name, uptime, authentication scheme, and OS. When run explicitly (--script ventrilo-info), the script will additionally report on the server name phonetic pronunciation string, the server comment, maximum number of clients, voice codec, voice format, channel and client counts, and details about channels and currently connected clients.

Original reversing of the protocol was done by Luigi Auriemma (http://aluigi.altervista.org/papers.htm#ventrilo).

Example Usage

  • nmap -sV <target>
  • nmap -Pn -sU -sV --script ventrilo-info -p <port> <target>
    

Script Output

PORT     STATE SERVICE  VERSION
9408/tcp open  ventrilo Ventrilo 3.0.3.C (voice port; name: TypeFrag.com; uptime: 152h:56m; auth: pw)
| ventrilo-info:
| name: TypeFrag.com
| phonetic: Type Frag Dot Com
| comment: http://www.typefrag.com/
| auth: pw
| max. clients: 100
| voice codec: 3,Speex
| voice format: 32,32 KHz%2C 16 bit%2C 10 Qlty
| uptime: 152h:56m
| platform: WIN32
| version: 3.0.3.C
| channel count: 14
| channel fields: CID, PID, PROT, NAME, COMM
| client count: 6
| client fields: ADMIN, CID, PHAN, PING, SEC, NAME, COMM
| channels:
| <top level lobby> (CID: 0, PID: n/a, PROT: n/a, COMM: n/a): <empty>
| Group 1 (CID: 719, PID: 0, PROT: 0, COMM: ):
|   stabya (ADMIN: 0, PHAN: 0, PING: 47, SEC: 206304, COMM:
| Group 2 (CID: 720, PID: 0, PROT: 0, COMM: ): <empty>
| Group 3 (CID: 721, PID: 0, PROT: 0, COMM: ): <empty>
| Group 4 (CID: 722, PID: 0, PROT: 0, COMM: ): <empty>
| Group 5 (CID: 723, PID: 0, PROT: 0, COMM: ):
|   Sir Master Win (ADMIN: 0, PHAN: 0, PING: 32, SEC: 186890, COMM:
|   waterbukk (ADMIN: 0, PHAN: 0, PING: 31, SEC: 111387, COMM:
|   likez (ADMIN: 0, PHAN: 0, PING: 140, SEC: 22457, COMM:
|   Tweet (ADMIN: 0, PHAN: 0, PING: 140, SEC: 21009, COMM:
| Group 6 (CID: 724, PID: 0, PROT: 0, COMM: ): <empty>
| Raid (CID: 725, PID: 0, PROT: 0, COMM: ): <empty>
| Officers (CID: 726, PID: 0, PROT: 1, COMM: ): <empty>
| PG 13 (CID: 727, PID: 0, PROT: 0, COMM: ): <empty>
| Rated R (CID: 728, PID: 0, PROT: 0, COMM: ): <empty>
| Group 7 (CID: 729, PID: 0, PROT: 0, COMM: ): <empty>
| Group 8 (CID: 730, PID: 0, PROT: 0, COMM: ): <empty>
| Group 9 (CID: 731, PID: 0, PROT: 0, COMM: ): <empty>
| AFK - switch to this when AFK (CID: 732, PID: 0, PROT: 0, COMM: ):
|_  Eisennacher (ADMIN: 0, PHAN: 0, PING: 79, SEC: 181948, COMM:
Service Info: OS: WIN32

Requires


Author:

  • Marin Maržić

License: Same as Nmap--See https://nmap.org/book/man-legal.html