Nmap Development mailing list archives
Re: Apache killer 3192
From: Duarte Silva <duarte.silva () serializing me>
Date: Tue, 13 Sep 2011 11:09:39 +0100
Hi Adrian, could you use the script trace argument with nmap (that way you will be able to verify the HTTP request and responses). nmap -n -v -sT -pT:443 x.x.x.x--script http-vuln-cve2011-3192 --script- args="http-vuln-cve2011-3192.path=/" --script-trace By the way, if you don't specify the path argument, by the default, the script will use "/". Regards, Duarte On Tuesday 13 September 2011 06:12:48 Adrian Coelho wrote:
-nmap -V Nmap version 5.51 ( http://nmap.org ) -openssl s_client -connect x.x.x.x:443 ----snip---- CERTIFICATE Details ----snip---- HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Tue, 13 Sep 2011 04:59:55 GMT Server: Apache Last-Modified: Fri, 09 Sep 2011 17:08:47 GMT ETag: "a576-14b7-4ac853afb05c0" Accept-Ranges: bytes Content-Length: 5303 Connection: close Content-Type: text/html -nmap -n -v -sT -pT:443 x.x.x.x--script http-vuln-cve2011-3192 --script-args="http-vuln-cve2011-3192.path=/" -d Starting Nmap 5.51 ( http://nmap.org ) at 2011-09-13 07:25 BST --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Loaded 1 scripts for scanning. NSE: Starting runlevel 1 (of 1) scan. Initiating Ping Scan at 07:25 Scanning x.x.x.x[2 ports] Completed Ping Scan at 07:25, 0.09s elapsed (1 total hosts) Overall sending rates: 22.49 packets / s. Initiating Connect Scan at 07:25 Scanning x.x.x.x[1 port] Discovered open port 443/tcp on x.x.x.x Completed Connect Scan at 07:25, 0.09s elapsed (1 total ports) Overall sending rates: 11.41 packets / s. NSE: Starting runlevel 1 (of 1) scan. NSE: Starting http-vuln-cve2011-3192 against x.x.x.x:443. NSE: Script scanning x.x.x.x. Initiating NSE at 07:25 NSE: http-vuln-cve2011-3192: Functionality check HEAD request failed for x.x.x.x(with path '/'). NSE: Finished http-vuln-cve2011-3192 against x.x.x.x:443. Completed NSE at 07:25, 0.18s elapsed Nmap scan report for x.x.x.x Host is up, received syn-ack (0.086s latency). Scanned at 2011-09-13 07:25:39 BST for 0s PORT STATE SERVICE REASON 443/tcp open https syn-ack Final times for host: srtt: 86289 rttvar: 49094 to: 282665 NSE: Starting runlevel 1 (of 1) scan. Read from /usr/local/share/nmap: nmap-payloads nmap-services. Nmap done: 1 IP address (1 host up) scanned in 0.63 seconds --- Regards, Adrian On Sep 13, 2011, at 1:57 AM, John Bond <john.r.bond () gmail com> wrote:On 12 September 2011 19:46, Henri Doreau <henri.doreau () greenbone net>
wrote:
2011/9/12 Adrian Coelho <adrian.coelho () gmail com>:NSE: http-vuln-cve2011-3192: Functionality check HEAD request failed for x.x.x.x (with path '/').I can't trigger any problem with the script. Is your server configured to accept HEAD requests on port 443?Adrian, What do you get id you do a head request using openssl run openssl s_client -connect server:443 then type HEAD / HTTP/1.0 _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Attachment:
smime.p7s
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)
- Re: Apache killer 3192 John Bond (Sep 12)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Duarte Silva (Sep 13)
- Re: Apache killer 3192 Adrian Coelho (Sep 12)
- Re: Apache killer 3192 Henri Doreau (Sep 12)