Nmap Development mailing list archives
Re: [NSE] http-verb-tamper
From: Hani Benhabiles <kroosec () gmail com>
Date: Mon, 7 Nov 2011 13:52:10 +0100
Attached is the updated version:

- Renamed to http-method-tamper
- Accepts the script argument http-method-tamper.paths as an array. Defaults to {"/jmx-console/"}
- It also supports detecting cases where no authentication is required for jmx console, which is the default configuration (and common, as a search on shodanhq or using a Google dork shows.)

On Mon, Nov 7, 2011 at 12:16 AM, David Fifield <david () bamsoftware com> wrote:

> On Fri, Nov 04, 2011 at 11:04:37PM +0100, Hani Benhabiles wrote:
> > On Fri, Nov 4, 2011 at 9:49 PM, Patrik Karlsson <patrik () cqure net> wrote:
> > > Hi Hani,
> > >
> > > Thanks for submitting this script! I had a quick look at it and I noticed
> > > that the script argument read in the action method does not reflect the one
> > > documented in the usage.
> >
> > Attached the fixed version! Thanks for the catch.
> >
> > > Also, I'm not sure how widespread this vulnerability is and if it would
> > > make more sense to target the reported JBoss vulnerability instead? Or
> > > maybe have two scripts, one generic like the one you submitted, and one that
> > > targets CVE-2010-738 specifically. While I appreciate that the generic
> > > script could be used to detect CVE-2010-738 I think it would be better to
> > > be able to do so without needing to supply the path.
> >
> > Yes, I believe it would make sense to implement a script that targets it
> > specifically as there is actually a worm that's actively exploiting this
> > JBoss vulnerability [1]. Plus, it won't take much work to adapt the generic
> > script, just using /jmx-console/ as the path. In both cases, the script
> > isn't intrusive as it tests first if there's authentication (401 or 302
> > that could be a redirect to a login page.)
>
> I think it should be a script that works for default for the JBoss
> vulnerability, and can be adapted to work for other cases through a
> script argument, rather than the other way around.
>
> This is what I want:
> Change the script name to http-method-tamper.
> Change to a script argument http-method-tamper.paths (which is an array).
> Make paths default to {"/jmx-console/"}.
>
> David Fifield

--
M. Hani Benhabiles
Blog: http://kroosec.blogspot.com
Twitter: @kroosec
Attachment: http-method-tamper.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
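An added example, not part of the thread or of the attached script: a defender-side audit of a web server access log that applies the same signals the thread describes (401 or 302 meaning authentication is in place, a default path answering without any authentication). The log format, the sample lines, the function name `audit`, the use of HEAD as the alternate method and 200 as the "served" status are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (common log format); not from the thread.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Nov/2011:13:00:01 +0100] "GET /jmx-console/ HTTP/1.1" 401 1024
10.0.0.5 - - [07/Nov/2011:13:00:02 +0100] "HEAD /jmx-console/ HTTP/1.1" 200 0
10.0.0.7 - - [07/Nov/2011:13:05:10 +0100] "GET /admin/ HTTP/1.1" 302 0
10.0.0.7 - - [07/Nov/2011:13:05:11 +0100] "HEAD /admin/ HTTP/1.1" 302 0
10.0.0.9 - - [07/Nov/2011:13:09:30 +0100] "GET /status/ HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# The thread's "authentication is required" signals; a 302 is only a hint,
# since it could be a redirect to something other than a login page.
AUTH_STATUSES = {401, 302}


def audit(log_text, watched_paths=("/jmx-console/",)):
    """Classify each path by how its responses vary with the request method."""
    seen = defaultdict(lambda: defaultdict(set))  # path -> method -> statuses
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m["path"]][m["method"]].add(int(m["status"]))

    findings = {}
    for path, by_method in seen.items():
        get = by_method.get("GET", set())
        # Statuses returned to every method other than GET on this path.
        others = set().union(
            *(s for meth, s in by_method.items() if meth != "GET"))
        if get & AUTH_STATUSES:
            # GET is challenged; a 200 for another method means the access
            # control is tied to the method rather than to the resource.
            findings[path] = ("auth bypassed by method change"
                              if 200 in others else "protected")
        elif 200 in get and path in watched_paths:
            # A watched default path served with no challenge at all.
            findings[path] = "no authentication required"
    return findings


if __name__ == "__main__":
    for path, verdict in sorted(audit(SAMPLE_LOG).items()):
        print(f"{path}: {verdict}")
```
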