Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] Digest auth for http-default-accounts-fingerprints

From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 08 Apr 2013 21:12:24 -0500
On 03/29/2013 07:20 PM, nnposter () users sourceforge net wrote:

The following patch adds HTTP digest authentication capability to
http-default-accounts-fingerprints.lua and also one real-life
fingerprint that benefits from it.

Cheers,
nnposter


--- nselib/data/http-default-accounts-fingerprints.lua.orig     2012-06-22 11:06:06.000000000 -0600
+++ nselib/data/http-default-accounts-fingerprints.lua          2013-03-29 16:48:48.093750000 -0600
@@ -35,6 +35,24 @@
  end
--- 
+-- Requests given path using digest authentication.
+-- @param host Host table
+-- @param port Port table
+-- @param path Path to request
+-- @param user Username for Digest Auth
+-- @param pass Password for Digest Auth
+-- @return True if login in was successful
+---
+local function try_http_digest_login(host, port, path, user, pass)
+    local credentials = {username = user, password = pass, digest = true}
+    local req = http.get(host, port, path, {no_cache=true, auth=credentials, redirect_ok = false})
+    if req.status ~= 401 and req.status ~= 403 then
+      return true
+    end
+    return false
+end
+
+---
  -- Tries to login with a http post, if the FAIL string is not found
  -- we assume login in was successful
  -- @param host Host table
@@ -144,4 +162,19 @@
    end
  })
- 
+---
+--SECURITY
+---
+table.insert(fingerprints, {
+  name = "Digital Sprite 2",
+  category = "security",
+  paths = {
+    {path = "/frmpages/index.html"}
+  },
+  login_combos = {
+    {username = "dm", password = "web"}
+  },
+  login_check = function (host, port, path, user, pass)
+    return try_http_digest_login(host, port, path, user, pass)
+  end
+})
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

I've added this signature and support for digest auth in r30729.

Thanks for contributing.
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: