Nmap Development mailing list archives

Re: http-form-brute: uservar bug


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 11 May 2011 07:09:46 -0500

I got a chance to look at this, and the problem is that the script retrieves
the argument, then checks if uservar OR passvar are not set. If either is
not set, it looks through the page to try to guess the right fields. If it
can't guess, then it sets them BOTH to nil. Here's a patch that checks if
either is set separately and guesses only for the unset field:

Index: http-form-brute.nse
===================================================================
--- http-form-brute.nse (revision 23138)
+++ http-form-brute.nse (working copy)
@@ -134,8 +134,12 @@
        local path = nmap.registry.args['http-form-brute.path'] or "/"
        local status, result, engine

-       if ( not(uservar) or not(passvar) ) then
+       if ( not(uservar) and not(passvar) ) then
                uservar, passvar = detectFormFields( host, port, path )
+  elseif ( not(uservar) ) then
+               uservar, _ = detectFormFields( host, port, path )
+  elseif ( not(passvar) ) then
+               _, passvar = detectFormFields( host, port, path )
        end
        if ( not( uservar ) ) then
                return "  \n  ERROR: No uservar was specified (see
http-form-brute.uservar)"
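Review bot: the three-way branch in this hunk calls detectFormFields in each case when a single call would do; since it already returns both fields, call it once and keep whichever argument the user supplied, e.g. `local du, dp = detectFormFields( host, port, path )` followed by `uservar = uservar or du` and `passvar = passvar or dp`. That also avoids the `uservar, _ = ...` / `_, passvar = ...` assignments, which write to an undeclared `_` and so create a global in Lua, and it sidesteps the mixed indentation on the two new `elseif` lines (spaces) versus the surrounding tab-indented block.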

Dan

On Tue, May 10, 2011 at 9:49 PM, Josh Greenwood <joshgreenwood () gmail com> wrote:

If I'm reading the documentation correctly, the following scan should work:
./nmap --script http-form-brute --script-args http-form-brute.uservar=username 192.168.0.1

Yet I get the following error:
PORT   STATE SERVICE
80/tcp open  http
| http-form-brute:
|_  ERROR: No uservar was specified (see http-form-brute.uservar)

Am I providing the uservar value incorrectly, or is this a bug?  I'm using
nmap 5.51SVN, revision 23136.

Please let me know if I can provide additional information.

Thanks,
Josh
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
