Nmap Development mailing list archives

Re: [NSE Script] HTTP probe for /etc/passwd


From: Fyodor <fyodor () insecure org>
Date: Sat, 21 Jul 2007 22:36:55 -0700

On Sat, Jul 21, 2007 at 06:15:03PM +0000, Brandon Enright wrote:

80/tcp   open   http
|  HTTP /etc/passwd probe: root::0:0:root:/root:/bin/bash
|  bin:*:1:1:bin:/bin:/sbin/nologin
|  daemon:*:2:2:daemon:/sbin:/sbin/nologin
|  adm:*:3:4:adm:/var/adm:/sbin/nologin
|  lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin
|  sync:*:5:0:sync:/sbin:/bin/sync

Looks promising.  I think we should print the URL which ended up
working against the server.  That would also allow for more zealous
cropping of the password file itself.  Like maybe we could show just
the first 15 lines unless we are in debug mode.  It is important that
we don't overwhelm the user.

Thanks for doing so much testing.  It's great that this already helped
you find one vulnerable system.

fingerprint are all the odd HTTP servers we have running around here.  Your
portrule looks for 80, 8000, or "http".  If we have some strange HTTP
server running on 1234 this script won't run.

Well it should still run as long as version detection is used.  And I
would in general strongly recommend version detection be used whenever
-sC is.  The -A option includes both.

Cheers,
-F
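The two points raised in this exchange (the script should only report a hit when the response really parses as a passwd file, and should print the URL that worked plus a cropped view unless debugging is on; and the portrule should fire on the "http" service name so version detection catches servers on odd ports) can be sketched as plain logic. The following is an added illustration written for this archive, not Brandon's NSE script (which is Lua) and not Nmap's code; the function names, the 15-line limit from the thread, the constructed passwd body, the constructed 404 page and the placeholder URL are all assumptions made for the example.

```python
"""Added example: validate a suspected /etc/passwd response, decide which
ports a script should run on, and crop the report (not Nmap/NSE code)."""
import re

# One passwd(5) record: name:passwd:uid:gid:gecos:home:shell (7 fields,
# numeric uid/gid, empty fields allowed, spaces allowed in gecos).
PASSWD_LINE = re.compile(r"^[^:\s]+:[^:]*:\d+:\d+:[^:]*:[^:]*:[^:]*$")

MAX_LINES = 15          # lines shown unless debug output is requested
PROBE_PORTS = (80, 8000)  # port numbers the portrule matches directly


def looks_like_passwd(body, min_records=3):
    """True only if the body parses as a passwd file: at least min_records
    well-formed records and a root record with uid 0.  A server that answers
    200 with an error page or an echo of the request must not count as a hit."""
    lines = [l for l in body.splitlines() if l.strip()]
    records = [l for l in lines if PASSWD_LINE.match(l)]
    has_root = any(
        r.split(":")[0] == "root" and r.split(":")[2] == "0" for r in records
    )
    return len(records) >= min_records and has_root


def should_run(port_number, service_name):
    """Mirror of the portrule discussed in the thread: run on 80, 8000, or on
    any port whose service (from version detection, -sV) is 'http'."""
    return port_number in PROBE_PORTS or service_name == "http"


def crop_output(url, body, debug=False, max_lines=MAX_LINES):
    """Build the report lines: the URL that worked, then the file, cropped to
    max_lines unless debug is set, with a note about how much was hidden."""
    lines = [l for l in body.splitlines() if l.strip()]
    shown = lines if debug else lines[:max_lines]
    report = [f"HTTP /etc/passwd probe succeeded via {url}"] + shown
    if not debug and len(lines) > max_lines:
        hidden = len(lines) - max_lines
        report.append(f"({hidden} more lines; enable debug output to see all)")
    return report


# Constructed sample body: 18 records, so cropping is exercised.
SAMPLE_PASSWD = "\n".join([
    "root:x:0:0:root:/root:/bin/bash",
    "bin:x:1:1:bin:/bin:/sbin/nologin",
    "daemon:x:2:2:daemon:/sbin:/sbin/nologin",
    "adm:x:3:4:adm:/var/adm:/sbin/nologin",
    "lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin",
    "sync:x:5:0:sync:/sbin:/bin/sync",
    "shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown",
    "halt:x:7:0:halt:/sbin:/sbin/halt",
    "mail:x:8:12:mail:/var/spool/mail:/sbin/nologin",
    "news:x:9:13:news:/etc/news:",
    "uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin",
    "operator:x:11:0:operator:/root:/sbin/nologin",
    "games:x:12:100:games:/usr/games:/sbin/nologin",
    "gopher:x:13:30:gopher:/var/gopher:/sbin/nologin",
    "ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin",
    "nobody:x:99:99:Nobody:/:/sbin/nologin",
    "sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin",
    "alice:x:500:500:Alice Example:/home/alice:/bin/bash",
])

# Constructed false-positive candidate: a 200 response carrying an error page.
ECHO_PAGE = "<html><body>404 Not Found: the requested page does not exist</body></html>"

# Placeholder URL; the thread does not show which request path succeeded.
PLACEHOLDER_URL = "http://host.example/<path-that-worked>"

if __name__ == "__main__":
    print("echo page is a hit:", looks_like_passwd(ECHO_PAGE))
    print("runs on 1234/http:", should_run(1234, "http"))
    if looks_like_passwd(SAMPLE_PASSWD):
        print("\n".join(crop_output(PLACEHOLDER_URL, SAMPLE_PASSWD)))
```

The format check is what keeps the script honest: without it, any web server that returns 200 for unknown paths would be reported as leaking its password file. The `should_run` predicate shows why Fyodor's answer holds: with version detection the port table carries the service name, so a server on 1234 that `-sV` identifies as http is still probed.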

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org