Re: Fix and addon to http-auth.nse

[David Fifield <david () bamsoftware com>]

On Fri, Nov 07, 2008 at 08:52:13AM +0100, Vlatko Kosturjak wrote:
> David Fifield wrote:
> > You can rewrite the authentication-testing loop in a more idiomatic
> > style. Instead of
> >         for i = 1, #authcombinations, 1 do 
> > use
> >         for _, combination in ipairs(authcombinations) do
> > Please add an @output section as described at
> > http://nmap.org/book/nse-documentation.html#nse-documentation-script
> > Since you must have a server to test this against now is a good
> > opportunity to record this script's output.
>
> Done that. New diff of script is in attachment.

Thanks, it looks good and I have applied it. Let me apologize, the
script already had an @output section. I don't know how I missed it. My
instructions must have been confusing. Thanks, though, for including the
output for successful authentication.

> > Can you give examples of applications that use test:test by default for
> > authentication? I want to be sure there's evidence for it before adding
> > it to the script.
>
> Not sure about the applications, but lot of tutorials on the web have
> this as example.

I would like to see measurements first before adding another user
name/password pair. It would be good to know just how common test:test
and admin:test are, compared to admin:and admin:admin. I left the test:
combinations out for now.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org