Nmap Development mailing list archives
Re: Nmap Erros on URI using NSE
From: Shritam Bhowmick <shritam.bhowmick () gmail com>
Date: Sun, 10 Aug 2014 09:34:44 +0530
Exactly, that would be again a red team assessment of a web application. Either way, I wonder why Nmap developers didn't opt for making one big change to this module since there would be many such real scenario applications which use GET as their authentication platform for form-based authentication.

It's much easier when you look at the source and the default methods are not declared. I take them as a GET since no such methods were declared at the source. I am looking at the code. Alternatively if I find the script to be working after I clone it out and have a backup, I would be happy to mail you back with the results.

Regards
Shritam Bhowmick
Founder at OpenFire Technologies.
Penetration Tester at OpenFire Security.
Web Application Analysis and Research.
www.openfire-security.net
http://forum.openfire-security.net

On Sun, Aug 10, 2014 at 1:06 AM, Daniel Miller <bonsaiviking () gmail com> wrote:
On Sat, Aug 9, 2014 at 5:22 AM, Shritam Bhowmick < shritam.bhowmick () gmail com> wrote:

nmap pentesteracademylab.appspot.com --script=http-form-brute --script-args 'http-form-brute.path=/lab/webapp/1, http-form-brute.hostname= pentesteracademylab.appspot.com, passdb=/root/Desktop/pentesteracademy/challenge1/password.txt, userdb=/root/Desktop/pentesteracademy/challenge1/users.txt, http-form-brute.passvar=password, http-form-brute.uservar=email' -vvv

Here is the GET request:
http://pentesteracademylab.appspot.com/lab/webapp/1?email=&password=

Error Logs:

80/tcp open http
| http-form-brute:
|_ ERROR: Failed to retrieve path (/lab/webapp/1) from server
443/tcp open https
| http-form-brute:
|_ ERROR: Failed to retrieve path (/lab/webapp/1) from server

Shritam,

The site you are testing only accepts GET requests to that URI. The http-form-brute script only sends authentication in POST requests, because that is the most common case. You can change the script to send GET requests instead by applying the following patch:

Index: scripts/http-form-brute.nse =================================================================== --- scripts/http-form-brute.nse (revision 33448) +++ scripts/http-form-brute.nse (working copy) @@ -155,7 +155,7 @@ end, postRequest = function( host, port, path, options ) - local response = http.post( host, port, path, { no_cache = true }, nil, options ) + local response = http.get( host, port, path, { no_cache = true }, nil, options ) local status = ( response and tonumber(response.status) ) or 0 if ( status > 300 and status < 400 ) then local new_path = url.absolute(path, response.header.location)

If this were a real web application instead of a learning lab, I would report this as a finding: sending authentication credentials in a GET request is not recommended because the request may be cached or logged, leaking the credentials.

Dan
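
Review bot: on the "+" line, http.get is called with the same six arguments as the http.post call it replaces, so the form fields still travel in the trailing "nil, options" pair; confirm that http.get actually reads them from there, and if it does not, encode the uservar/passvar pairs into the query string of path before the call. The function is also still named postRequest after the change, so a rename or a comment stating that it now issues a GET would keep the next reader from being misled.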
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
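
The logging risk Dan describes in the message above, turned into a check a defender can run over web server access logs (an added example, not code from the thread or from Nmap): it flags requests whose query string carries a non-empty password parameter and produces a redacted copy of the line. The log lines are constructed, and the parameter names other than password are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# "password" is the passvar used in the thread; the other names are assumed.
SECRET_PARAMS = {"password", "passwd", "pwd", "pass"}

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample input (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Aug/2014:09:34:44 +0530] "GET /lab/webapp/1'
    '?email=alice%40example.test&password=Spring2014 HTTP/1.1" 200 512',
    '192.0.2.10 - - [10/Aug/2014:09:34:45 +0530] "POST /lab/webapp/1 HTTP/1.1" 302 0',
    '192.0.2.11 - - [10/Aug/2014:09:34:46 +0530] "GET /lab/webapp/1'
    '?email=&password= HTTP/1.1" 200 512',
]


def find_credential_leaks(lines):
    """Return (line_no, method, path, leaked_params, redacted_line) for each
    request whose query string carries a non-empty secret parameter."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group("target")
        parts = urlsplit(target)
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        leaked = sorted({k for k, v in pairs if k.lower() in SECRET_PARAMS and v})
        if not leaked:
            continue  # no secret present, or the field was submitted empty
        redacted_query = urlencode(
            [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v) for k, v in pairs]
        )
        redacted_line = line.replace(target, parts.path + "?" + redacted_query)
        findings.append((line_no, match.group("method"), parts.path, leaked, redacted_line))
    return findings


if __name__ == "__main__":
    for line_no, method, path, leaked, redacted in find_credential_leaks(SAMPLE_LOG):
        print(f"line {line_no}: {method} {path} exposes {leaked}")
        print("  " + redacted)
```

The POST line is not reported because its credentials travel in the request body, which access logs in this format do not record.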