Nmap Development mailing list archives
hexify() problem in http-passwd.nse
From: Joao Correa <joao () livewire com br>
Date: Sun, 31 May 2009 16:47:31 -0300
Kris, thanks for your answer and for the reference.

My doubt is whether, with the http-passwd.nse script, you are trying to retrieve the passwd file directly, or if it is used to retrieve the file as a parameter for the web application, just like described in [1].

Considering the source code I can only think about the first option, but in this case we fall on the problem described in my first e-mail (I've tried to reproduce the scenario here, but the hexed chars were not decoded by Apache, leading to failure).

As mentioned before, when I removed the hexify function and sent the dir function without special encoding, it worked fine. I don't think it is the expected behavior. Since the script dates from 2007 and the mentioned RFC dates from 2005, I don't believe that it is a problem of lost compatibility due to Apache getting fit to the RFC.

Have you used the script recently? Which web servers have you tried to exploit?

Thanks a lot,
João Correa

[1] - http://en.wikipedia.org/wiki/Directory_traversal

On Sat, May 30, 2009 at 3:04 PM, Kris Katterjohn <katterjohn () gmail com> wrote:
> Joao Correa wrote:
>> Anyway, I'm still in doubt about in which cases the script should be correctly used.
>
> I'm not really sure what you mean here, but maybe reading the original thread will help. This was one of my very first scripts, and you'll see why I thank Brandon in the comments :)
>
> http://seclists.org/nmap-dev/2007/q3/index.html#102
>
>> Thanks,
>> João
>
> Cheers,
> Kris Katterjohn