Nmap Development mailing list archives

Re: Fix and addon to http-auth.nse


From: Vlatko Kosturjak <kost () linux hr>
Date: Fri, 07 Nov 2008 08:52:13 +0100

David Fifield wrote:
You can rewrite the authentication-testing loop in a more idiomatic
style. Instead of
        for i = 1, #authcombinations, 1 do 
use
        for _, combination in ipairs(authcombinations) do
Please add an @output section as described at
http://nmap.org/book/nse-documentation.html#nse-documentation-script
Since you must have a server to test this against, now is a good
opportunity to record this script's output.

Done that. New diff of script is in attachment.

Can you give examples of applications that use test:test by default for
authentication? I want to be sure there's evidence for it before adding
it to the script.

Not sure about the applications, but a lot of tutorials on the web have
this as an example. Try to do this:
http://www.google.com/search?hl=hr&q=test%3Atest+htpasswd
You'll get a lot of tutorials like this:
http://www.vbulletin.org/forum/showthread.php?t=157530
http://archives.devshed.com/forums/php-108/matching-logins-to-an-old-htpasswd-file-2209167.html
http://forums.whirlpool.net.au/forum-replies-archive.cfm/320253.html
This is more a check against people's forgetfulness (they forgot to delete
the testing combination) and default testing...

Kost
--- http-auth.nse.orig  2008-11-06 11:09:11.000000000 +0100
+++ http-auth.nse       2008-11-07 08:45:48.000000000 +0100
@@ -6,10 +6,14 @@
 ---
 -- @output
 -- |  http-auth: HTTP Service requires authentication
--- |_   Auth type: Basic, realm = DSL Router
+-- |    Auth type: Basic, realm = Password Required
+-- |_   HTTP server may accept test:test combination for Basic authentication
 
 -- HTTP authentication information gathering script
 -- rev 1.1 (2007-05-25)
+-- 2008-11-06 Vlatko Kosturjak <kost () linux hr>
+-- * bug fixes against base64 encoded strings, more flexible auth/pass check,
+--   corrected sample output
 
 author = "Thomas Buchanan <tbuchanan () thecompassgrp net>"
 
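Review bot: the changelog entry added after `-- rev 1.1 (2007-05-25)` leaves the revision line itself at 1.1, so the header no longer reflects the 2008-11-06 changes; bump the rev line (or fold the date into a new one) alongside the new entry. The new @output sample does match the message format the loop emits ("HTTP server may accept test:test combination for Basic authentication"), which is what the NSEDoc page asks for.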
@@ -19,12 +23,14 @@
 
 require "shortport"
 require "http"
+require "base64"
 
 portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"})
 
 action = function(host, port)
-  local realm,scheme,result
+  local realm,scheme,result,authheader
   local basic = false
+  local authcombinations= {"test:test", "admin:admin", "admin:", "admin:test"}
 
   local answer = http.get( host, port, "/" )
 
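Review bot: `local authcombinations= {"test:test", "admin:admin", "admin:", "admin:test"}` needs a space before `=` to match the surrounding style, and the list is hard-coded inside `action`, so the "more flexible auth/pass check" from the changelog is only flexible to someone editing the script; consider hoisting it to script level and documenting the fixed set in the header (or exposing it through a script argument) so a reader of the output knows exactly which combinations were tried. The `require "base64"` line is correctly placed with the other requires.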
@@ -53,14 +59,12 @@
   end
 
   if basic then
-    answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}})
-    if answer.status ~= 401 and answer.status ~= 403 then
-      result = result .. "  HTTP server may accept user=\"admin\" with blank password for Basic authentication\n"
-    end
-
-    answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46YWRtaW4"}})
-    if answer.status ~= 401 and answer.status ~= 403 then
-      result = result .. "  HTTP server may accept user=\"admin\" with password=\"admin\" for Basic authentication\n"
+    for _, combination in pairs (authcombinations) do 
+           authheader = "Basic " .. base64.enc(combination)
+           answer = http.get(host, port, '/', {header={Authorization=authheader}})
+           if answer.status ~= 401 and answer.status ~= 403 then
+             result = result .. "  HTTP server may accept " .. combination .. " combination for Basic authentication\n"
+           end
     end
   end
 
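Review bot: `for _, combination in pairs (authcombinations) do` should use `ipairs`, as David suggested; `pairs` gives no ordering guarantee over an array, whereas `ipairs` walks it in index order, and the space before `(` plus the trailing space after `do` are out of step with the rest of the file. The loop body is indented with 11 spaces while the enclosing block uses 2-space steps, so the `end` at 5 spaces no longer lines up with its `for`. Separately, `if answer.status ~= 401 and answer.status ~= 403 then` reports any non-401/403 reply (a 404 or 500 for "/", say) as the server accepting the credential, so consider testing for a 2xx/3xx status, or comparing against the status of the unauthenticated request, to cut false positives.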

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
