Re: [NSE] Xplico addition to http-default-accounts-fingerprints
From: Paulino Calderon <paulino () calderonpale com>
Date: Wed, 11 Jun 2014 14:48:27 -0500
Hey, Sorry for the late response. I’ve tested your patch and the new signature. Committed in r32991. Cheers. On Mar 24, 2014, at 1:06 PM, nnposter () users sourceforge net wrote:
The following patch adds a fingerprint for Xplico(*) web UI to http-default-accounts-fingerprints.lua. Tested with versions 0.7 and 1.0.1. I am also including a patch for Cacti fingerprint. I have already posted it once(**) but for some reason it has not been committed. * http://www.xplico.org/ ** http://seclists.org/nmap-dev/2013/q3/415 Cheers, nnposter Patch against revision 32784 follows:
--- nselib/data/http-default-accounts-fingerprints.lua.orig 2014-03-24 12:03:48.100601400 -0600
+++ nselib/data/http-default-accounts-fingerprints.lua 2014-03-11 21:45:51.853623100 -0600
@@ -87,7 +87,13 @@
 {path = "/cacti/"}
 },
 target_check = function (host, port, path, response)
- return response.status == 200
+ -- true if the response is HTTP/200 and sets cookie "Cacti"
+ if response.status == 200 then
+ for _, ck in ipairs(response.cookies or {}) do
+ if ck.name:lower() == "cacti" then return true end
+ end
+ end
+ return false
 end,
 login_combos = {
 {username = "admin", password = "admin"}
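Review bot: The new Cacti target_check and the Xplico one in the next hunk are the same seven lines apart from the cookie name, so a small shared local such as `local function sets_cookie(response, name)` holding the HTTP/200 test and the `ipairs(response.cookies or {})` loop would keep the two from drifting, if the fingerprints file has a place for module-level helpers. `ck.name:lower()` also assumes every parsed cookie carries a `name`; presumably the http library guarantees that, but `if ck.name and ck.name:lower() == "cacti" then return true end` would cost nothing. The Cacti fingerprint entry starts before and ends after this hunk.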
@@ -98,6 +104,45 @@
 })

 table.insert(fingerprints, {
+ name = "Xplico",
+ category = "web",
+ paths = {
+ {path = "/users/login"}
+ },
+ target_check = function (host, port, path, response)
+ -- true if the response is HTTP/200 and sets cookie "Xplico"
+ if response.status == 200 then
+ for _, ck in ipairs(response.cookies or {}) do
+ if ck.name:lower() == "xplico" then return true end
+ end
+ end
+ return false
+ end,
+ login_combos = {
+ {username = "admin", password = "xplico"},
+ {username = "xplico", password = "xplico"}
+ },
+ login_check = function (host, port, path, user, pass)
+ -- harvest all hidden fields from the login form
+ local req1 = http.get(host, port, path, {no_cache=true, redirect_ok = false})
+ if req1.status ~= 200 then return false end
+ local html = req1.body and req1.body:match('<form%s+action%s*=%s*"/users/login".->(.-)</form>')
+ if not html then return false end
+ local form = {}
+ for n, v in html:gmatch('<input%s+type%s*=%s*"hidden"%s+name%s*=%s*"(.-)"%s+value%s*=%s*"(.-)"') do
+ form[n] = v
+ end
+ -- add username and password to the form and submit it
+ form["data[User][username]"] = user
+ form["data[User][password]"] = pass
+ local req2 = http.post(host, port, path, {no_cache=true, cookies=req1.cookies}, nil, form)
+ if req2.status ~= 302 then return false end
+ local loc = req2.header["location"]
+ return loc and (loc:match("/admins$") or loc:match("/pols/index$"))
+ end
+})
+
+table.insert(fingerprints, {
 name = "Apache Tomcat",
 category = "web",
 paths = {
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
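Review bot: In the new `login_check`, the gmatch pattern that harvests hidden inputs only matches attributes written exactly as `type="hidden" name="…" value="…"` with double quotes, and the captured values are re-posted without entity decoding; a hidden anti-forgery token field written in another attribute order or with an escaped value would presumably be dropped or corrupted, so a valid default credential could be reported as a failure rather than as an error. A comment on that line such as `-- assumes attribute order type/name/value with double quotes; values are re-posted without entity decoding` would make the assumption visible to whoever maintains the fingerprint. The final `return loc and (...)` also yields the matched string rather than a boolean; `return loc ~= nil and (loc:match("/admins$") ~= nil or loc:match("/pols/index$") ~= nil)` would make the contract explicit. The Apache Tomcat entry that the hunk touches continues outside it.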