Nmap Development mailing list archives
Re: Nmap Erros on URI using NSE
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 9 Aug 2014 14:36:25 -0500
On Sat, Aug 9, 2014 at 5:22 AM, Shritam Bhowmick <shritam.bhowmick () gmail com> wrote:
> nmap pentesteracademylab.appspot.com --script=http-form-brute --script-args 'http-form-brute.path=/lab/webapp/1, http-form-brute.hostname= pentesteracademylab.appspot.com, passdb=/root/Desktop/pentesteracademy/challenge1/password.txt, userdb=/root/Desktop/pentesteracademy/challenge1/users.txt, http-form-brute.passvar=password, http-form-brute.uservar=email' -vvv
>
> Here is the GET request:
> http://pentesteracademylab.appspot.com/lab/webapp/1?email=&password=
>
> Error Logs:
> 80/tcp open http
> | http-form-brute:
> |_ ERROR: Failed to retrieve path (/lab/webapp/1) from server
> 443/tcp open https
> | http-form-brute:
> |_ ERROR: Failed to retrieve path (/lab/webapp/1) from server

Shritam,
The site you are testing only accepts GET requests to that URI. The
http-form-brute script only sends authentication in POST requests, because
that is the most common case. You can change the script to send GET
requests instead by applying the following patch:
Index: scripts/http-form-brute.nse
===================================================================
--- scripts/http-form-brute.nse (revision 33448)
+++ scripts/http-form-brute.nse (working copy)
@@ -155,7 +155,7 @@
end,
postRequest = function( host, port, path, options )
- local response = http.post( host, port, path, { no_cache = true },
nil, options )
+ local response = http.get( host, port, path, { no_cache = true }, nil,
options )
local status = ( response and tonumber(response.status) ) or 0
if ( status > 300 and status < 400 ) then
local new_path = url.absolute(path, response.header.location)
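Review bot: The replacement call on the `+` line keeps the six-argument form of http.post, but http.get takes only (host, port, path, options), so the trailing `nil, options` is silently dropped and the form data passed as the last argument never reaches the server. For a GET login the fields have to be encoded into the query string of `path` before http.get is called. The switch is also unconditional and leaves the function named postRequest; selecting the method through a script argument would keep POST forms working.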
If this were a real web application instead of a learning lab, I would
report this as a finding: sending authentication credentials in a GET
request is not recommended because the request may be cached or logged,
leaking the credentials.
Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
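The logging risk described in the message above, as an added example that is not part of the original post or of Nmap: a Python check that finds password-like query parameters in web access-log lines and masks them. The log lines, the parameter-name list and the function name are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Parameter names treated as secrets (assumed list; extend per application).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_line(line):
    """Return (finding, redacted_line); finding is None if no secret was logged."""
    m = REQUEST_RE.search(line)
    if not m:
        return None, line
    parts = urlsplit(m.group("target"))
    pairs = parse_qsl(parts.query, keep_blank_values=True)

    def is_secret(key, value):
        return key.lower() in SENSITIVE and value != ""

    leaked = [k for k, v in pairs if is_secret(k, v)]
    if not leaked:
        return None, line
    # Rebuild the query string with secret values masked, then splice it back.
    masked = urlencode([(k, "REDACTED" if is_secret(k, v) else v) for k, v in pairs])
    target = parts._replace(query=masked).geturl()
    redacted = line[:m.start("target")] + target + line[m.end("target"):]
    finding = {"method": m.group("method"), "path": parts.path, "params": leaked}
    return finding, redacted


# Constructed sample access-log lines (not taken from the thread).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Aug/2014:14:36:25 -0500] "GET /lab/webapp/1?email=alice%40example.com&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.7 - - [09/Aug/2014:14:36:26 -0500] "GET /lab/webapp/1?email=&password= HTTP/1.1" 200 498',
    '203.0.113.7 - - [09/Aug/2014:14:36:27 -0500] "POST /lab/webapp/1 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        finding, redacted = scan_line(entry)
        if finding:
            print("credential in URL:", finding)
            print("  store as:", redacted)
```

The same match can drive an alert on existing logs or a masking filter in the log pipeline; it does not cover copies already held in browser history, proxies or Referer headers.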
