Nmap Development mailing list archives
Re: NSE - Sitecore version detection
From: Hani Benhabiles <kroosec () gmail com>
Date: Wed, 12 Sep 2012 22:59:32 +0100
On 09/06/2012 08:44 PM, Jesper Kückelhahn wrote:
> Hi Hani,
>
> The /sitecore/ prefix is the default installation path, used by most of
> the installations I've come across. I've used the extensive list given
> by Sitecore themselves: http://www.sitecore.net/Customers.aspx
>
> Some sites have blocked access to the login page, but still leave the
> .xml file accessible and vice versa. If neither of these pages is
> accessible, the script will fail.
>
> I've used these sites (among others) for testing:
>
> ==== Sitecore v6 ====
> http://annenberg.usc.edu/
> http://www.vanin.be/
> http://www.pymblelc.nsw.edu.au/
> http://www.phmetropol.dk/
> http://www.nvsd44.bc.ca/
>
> ==== Sitecore v5 ====
> http://www.flugger.com/
> http://hia.com.au/
>
> This is an example of Sitecore v4, but I've only encountered one such
> site, and they should be pretty much non-existent.
>
> ==== Sitecore v4 ==== (sitecore/client/login/default.aspx)
> http://www.nilfisk-advance.com
>
> On a side note, I did have some issues with the http library in regards
> to identify_404 and clean_404. It seems that some captchas generate
> unique values that are not removed by the clean_404 method. A specific
> example is http://sdu.dk/PageNotFound. The value of the input element
> with name 'uniqID' changes on every refresh. I haven't researched deeper
> whether the captcha used is an off-the-shelf and widely used one, so I
> don't know if the problem is widespread. But this results in the 404
> identification failing, and http-enum returns at line 357.
>
> - Jesper
>
> On Thu, 2012-09-06 at 18:51 +0100, Hani Benhabiles wrote:
>> On 09/04/2012 07:51 PM, Jesper Kückelhahn wrote:
>>> Hi,
>>
>> Hi Jesper,
>>
>>> Thanks for your reply, Hani. I've looked into the http-enum script
>>> (and the fingerprint file), and it does make sense to extend this
>>> instead of creating a bunch of new stand-alone scripts. I've attached
>>> the diff output for nmap/nselib/data/http-fingerprints.lua with the
>>> Sitecore version extraction.
>>
>> Are you sure about these fingerprints, especially the /sitecore/
>> prefix, which could be just the folder used for the application you
>> are testing against (i.e. something like /blog/ is not related to
>> WordPress itself)? I am trying to find out any occurrences in the
>> wild, but so far my Google-fu has returned nothing valuable yet. Do
>> you know of any which are on the internet? (You could email me
>> off-list if needed.)
>>
>>> - Jesper
>>>
>>> On Mon, 2012-09-03 at 23:15 +0100, Hani Benhabiles wrote:
>>>> On 09/03/2012 10:56 PM, Jesper Kückelhahn wrote:
>>>>> Hi,
>>>>>
>>>>> I'm a happy nmap user and really appreciate all the hard work that
>>>>> is put into this nice piece of software. As I'd like to give a
>>>>> little back to the community, I thought I'd start by writing some
>>>>> scripts for the NSE. I've attached the script here, as I haven't
>>>>> found any other place for this. Is this the right place for such
>>>>> submissions?
>>>>>
>>>>> The attached script extracts the Sitecore (CMS) version. Output
>>>>> example:
>>>>>
>>>>> 80/tcp open http
>>>>> | http-sitecore-version:
>>>>> |_ 6.4.1 (rev. 110621)
>>>>>
>>>>> Any comments and improvement suggestions are very welcome. Sorry if
>>>>> this gets double posted, I never used a mailing list before.
>>>>>
>>>>> - Jesper
>>>>>
>>>>> _______________________________________________
>>>>> Sent through the nmap-dev mailing list
>>>>> http://cgi.insecure.org/mailman/listinfo/nmap-dev
>>>>> Archived at http://seclists.org/nmap-dev/
>>>>
>>>> Hi Jesper,
>>>>
>>>> Your wish to give back to the community is very appreciated. However,
>>>> for a task such as fingerprinting a web application, you may want to
>>>> take a look at the http-enum script (and the
>>>> nselib/data/http-fingerprints.lua file), which is used specifically
>>>> for grouping fingerprints for different CMSs and web applications
>>>> instead of having a script for each CMS/app. It would be better
>>>> suited to add the fingerprints there.
>>>>
>>>> Cheers,
>>>> Hani.

Hi Jesper,

Good job, I have applied the patch as r29770.

Cheers,
Hani.

--
Hani Benhabiles
Twitter: https://twitter.com/#!/kroosec
Blog: http://kroosec.blogspot.com
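Two points in this thread lend themselves to a small worked example: the 404-identification failure Jesper describes (a per-request 'uniqID' captcha value that clean_404 does not strip, so two fetches of the same missing page never compare equal) and the version string the script reports ("6.4.1 (rev. 110621)"). The Python below is an added example and is not code from the thread, from Jesper's script, or from Nmap's http library; it is written in Python rather than NSE Lua so it runs stand-alone. It normalises a "page not found" body by blanking the values of hidden form inputs and timestamps before comparing two fetches, and builds the version string from a version XML whose element layout (major/minor/build/revision) is an assumption here, not taken from the page. The two HTML bodies and the XML are constructed samples. A site operator can run the same comparison against their own error pages to learn whether a per-request token makes their 404 page look unique on every request, which is exactly the condition that confuses fingerprinting tools and, more generally, any content-based monitoring.

```python
import re

# Constructed sample: two fetches of the same missing URL whose only difference
# is a per-request captcha value in a hidden input named 'uniqID', the situation
# described in the thread. A byte-for-byte comparison of the two would fail.
NOT_FOUND_A = """<html><body><h1>Page not found</h1>
<form action="/search"><input type="hidden" name="uniqID" value="a1f3c9d2">
<p>Generated 2012-09-12 22:59:32</p>
<input name="q"></form></body></html>"""
NOT_FOUND_B = NOT_FOUND_A.replace("a1f3c9d2", "7e02bb41") \
                         .replace("22:59:32", "23:00:05")

# Constructed sample of a version XML; the element names are an assumption made
# for this example, not a documented Sitecore file format.
VERSION_XML = """<?xml version="1.0"?>
<information><version><major>6</major><minor>4</minor>
<build>1</build><revision>110621</revision></version></information>"""

INPUT_TAG = re.compile(r"<input\b[^>]*>", re.IGNORECASE)
VALUE_ATTR = re.compile(r'\bvalue="[^"]*"', re.IGNORECASE)
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}")


def _blank_hidden_value(match):
    """Blank the value attribute of hidden inputs only; visible inputs are kept."""
    tag = match.group(0)
    if re.search(r'\btype="hidden"', tag, re.IGNORECASE):
        return VALUE_ATTR.sub('value=""', tag)
    return tag


def clean_404(body):
    """Normalise an error page by removing content that changes per request:
    hidden input values (captcha ids, anti-forgery tokens) and timestamps,
    then collapsing whitespace so layout noise does not matter either."""
    body = INPUT_TAG.sub(_blank_hidden_value, body)
    body = TIMESTAMP.sub("<TIMESTAMP>", body)
    return re.sub(r"\s+", " ", body).strip()


def stable_404_signature(body_a, body_b):
    """Return the normalised body if two fetches of the same missing page agree
    after cleaning, otherwise None (meaning the page is not a usable 404
    reference and status-code or content-length heuristics are needed)."""
    cleaned_a, cleaned_b = clean_404(body_a), clean_404(body_b)
    return cleaned_a if cleaned_a == cleaned_b else None


def extract_sitecore_version(xml_text):
    """Build the 'major.minor.build (rev. N)' string from the version XML,
    or return None if any component is missing."""
    parts = {}
    for tag in ("major", "minor", "build", "revision"):
        found = re.search(r"<%s>\s*(\d+)\s*</%s>" % (tag, tag), xml_text)
        if not found:
            return None
        parts[tag] = found.group(1)
    return "%s.%s.%s (rev. %s)" % (parts["major"], parts["minor"],
                                   parts["build"], parts["revision"])


if __name__ == "__main__":
    print("raw bodies equal:", NOT_FOUND_A == NOT_FOUND_B)
    print("stable after cleaning:",
          stable_404_signature(NOT_FOUND_A, NOT_FOUND_B) is not None)
    print("version:", extract_sitecore_version(VERSION_XML))
```

The hidden-input rule is deliberately narrow: blanking every input value would also erase visible form defaults that legitimately distinguish pages, so only inputs marked type="hidden" are touched. When stable_404_signature still returns None for a real site, the remaining difference is something this normaliser does not model (a nonce in a script block, a rotating advertisement), and the safe conclusion is that content-based 404 detection cannot be trusted for that host.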