Nmap Development mailing list archives

Re: http-passwd Result

From: Zack Dela <ny101880 () yahoo com>
Date: Tue, 16 Nov 2010 16:06:13 -0800 (PST)



Thanks Ron for the reply and clarification.

This message " http-passwd: Directory traversal found." probably means nothing 
since theres no password file retrieve.
Possibly a bug?

Thanks,
Zack


________________________________
From: Ron <ron () skullsecurity net>
To: Zack Dela <ny101880 () yahoo com>
Cc: nmap-dev () insecure org
Sent: Tue, November 16, 2010 11:40:17 PM
Subject: Re: http-passwd Result

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Looks like you aren't vulnerable. The page is returning an HTTP page, not the 
passwd file. 


Ron

On Mon, 15 Nov 2010 05:28:07 -0800 (PST) Zack Dela <ny101880 () yahoo com> wrote:

Hi,

I would like to get some light on the result of the script. I wonder
how to manually go to that directory (I mean what parameter I will
put in the URL to find the vulnerability manually)
Im confused of the result and how to actually browse the site and
traverse to it.
The site is something like this https://x.x.x.x/ 


Command 1 (Machine A):
nmap -sV -p 80,443 -d --script http-passwd x.x.x.x

Result:
443/tcp open  ssl/http syn-ack Serv-U httpd x.x.x.x
| http-passwd: Directory traversal found.
| Payload: "%2F%2Fetc%2Fpasswd"
| Printing first 250 bytes:
|_<!DOCTYPE HTML PUBLIC "-//W3C//



Command 2 (Machine B):
nmap -sV -p 80,443 -d --script http-passwd x.x.x.x

Result:
443/tcp open  ssl/http syn-ack VMware View Manager httpd
| http-passwd: Directory traversal found.
| Payload: "%2F%2Fetc%2Fpasswd"
| Printing first 250 bytes:
| 
| 
| 
| <html>
|  <head>
|   <title>VMware View Portal</title>
|   <link rel=stylesheet href="/styles/default/style.css"
type="text/css" /> |  
|    <script type="text/javascript" language="JavaScript" 
src="/styles/default/cookieFunctions.js">
|_   </script>


Hoping anyone can help. I just wanted to see if the machine is
vulnerbale or not.

Thanks,
Zack



     
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev 
Archived at http://seclists.org/nmap-dev/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkzipeEACgkQ2t2zxlt4g/TS+ACgttrSJt4dqGU9/jhh5qOPZs4m
S28AoNHzgKX2G3ga8S1oj4et4BuaKmyx
=3D4q
-----END PGP SIGNATURE-----



      
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

http-passwd Result Zack Dela (Nov 15)
- Re: http-passwd Result Ron (Nov 16)
  - Re: http-passwd Result David Fifield (Nov 16)
    - Re: http-passwd Result Zack Dela (Nov 16)
    - Re: http-passwd Result Gutek (Nov 17)
  - Re: http-passwd Result Zack Dela (Nov 16)