Nmap Development mailing list archives
Re: [NSE] Digest auth for http-default-accounts-fingerprints
From: Paulino Calderon <paulino () calderonpale com>
Date: Mon, 08 Apr 2013 21:12:24 -0500
On 03/29/2013 07:20 PM, nnposter () users sourceforge net wrote:
The following patch adds HTTP digest authentication capability to http-default-accounts-fingerprints.lua and also one real-life fingerprint that benefits from it. Cheers, nnposter --- nselib/data/http-default-accounts-fingerprints.lua.orig 2012-06-22 11:06:06.000000000 -0600 +++ nselib/data/http-default-accounts-fingerprints.lua 2013-03-29 16:48:48.093750000 -0600 @@ -35,6 +35,24 @@ end---+-- Requests given path using digest authentication. +-- @param host Host table +-- @param port Port table +-- @param path Path to request +-- @param user Username for Digest Auth +-- @param pass Password for Digest Auth +-- @return True if login in was successful +--- +local function try_http_digest_login(host, port, path, user, pass) + local credentials = {username = user, password = pass, digest = true} + local req = http.get(host, port, path, {no_cache=true, auth=credentials, redirect_ok = false}) + if req.status ~= 401 and req.status ~= 403 then + return true + end + return false +end + +--- -- Tries to login with a http post, if the FAIL string is not found -- we assume login in was successful -- @param host Host table @@ -144,4 +162,19 @@ end })-+--- +--SECURITY +--- +table.insert(fingerprints, { + name = "Digital Sprite 2", + category = "security", + paths = { + {path = "/frmpages/index.html"} + }, + login_combos = { + {username = "dm", password = "web"} + }, + login_check = function (host, port, path, user, pass) + return try_http_digest_login(host, port, path, user, pass) + end +}) _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
I've added this signature and support for digest auth in r30729. Thanks for contributing. _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] Digest auth for http-default-accounts-fingerprints Paulino Calderon (Apr 08)
- Re: [NSE] Digest auth for http-default-accounts-fingerprints nnposter (Apr 12)