[NSE] Xplico addition to http-default-accounts-fingerprints
From: nnposter () users sourceforge net
Date: Mon, 24 Mar 2014 19:06:25 +0000
The following patch adds a fingerprint for Xplico(*) web UI to http-default-accounts-fingerprints.lua. Tested with versions 0.7 and 1.0.1. I am also including a patch for Cacti fingerprint. I have already posted it once(**) but for some reason it has not been committed. * http://www.xplico.org/ ** http://seclists.org/nmap-dev/2013/q3/415 Cheers, nnposter Patch against revision 32784 follows:
--- nselib/data/http-default-accounts-fingerprints.lua.orig 2014-03-24 12:03:48.100601400 -0600
+++ nselib/data/http-default-accounts-fingerprints.lua 2014-03-11 21:45:51.853623100 -0600
@@ -87,7 +87,13 @@
 {path = "/cacti/"}
 },
 target_check = function (host, port, path, response)
- return response.status == 200
+ -- true if the response is HTTP/200 and sets cookie "Cacti"
+ if response.status == 200 then
+ for _, ck in ipairs(response.cookies or {}) do
+ if ck.name:lower() == "cacti" then return true end
+ end
+ end
+ return false
 end,
 login_combos = {
 {username = "admin", password = "admin"}
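Review bot: The cookie-name loop added to the Cacti `target_check` appears again, identical apart from the name, in the Xplico `target_check` of the next hunk; a small file-local helper would keep the two from drifting apart and lets each check read as one line. The helper would be defined ahead of the first `table.insert`, outside this hunk. It can also guard `ck.name` before calling `:lower()`, in case the cookie parser ever yields an entry without a name (not verifiable from the lines shown). Lower-casing makes the match looser than the exact cookie name the application sets, which is worth saying in the comment.

```lua
-- true if the response sets a cookie whose name equals `name`, ignoring case
local function sets_cookie (response, name)
  for _, ck in ipairs(response.cookies or {}) do
    if ck.name and ck.name:lower() == name then return true end
  end
  return false
end

-- … unchanged: Cacti name, category and paths …
  target_check = function (host, port, path, response)
    return response.status == 200 and sets_cookie(response, "cacti")
  end,
```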
@@ -98,6 +104,45 @@
 })

 table.insert(fingerprints, {
+ name = "Xplico",
+ category = "web",
+ paths = {
+ {path = "/users/login"}
+ },
+ target_check = function (host, port, path, response)
+ -- true if the response is HTTP/200 and sets cookie "Xplico"
+ if response.status == 200 then
+ for _, ck in ipairs(response.cookies or {}) do
+ if ck.name:lower() == "xplico" then return true end
+ end
+ end
+ return false
+ end,
+ login_combos = {
+ {username = "admin", password = "xplico"},
+ {username = "xplico", password = "xplico"}
+ },
+ login_check = function (host, port, path, user, pass)
+ -- harvest all hidden fields from the login form
+ local req1 = http.get(host, port, path, {no_cache=true, redirect_ok = false})
+ if req1.status ~= 200 then return false end
+ local html = req1.body and req1.body:match('<form%s+action%s*=%s*"/users/login".->(.-)</form>')
+ if not html then return false end
+ local form = {}
+ for n, v in html:gmatch('<input%s+type%s*=%s*"hidden"%s+name%s*=%s*"(.-)"%s+value%s*=%s*"(.-)"') do
+ form[n] = v
+ end
+ -- add username and password to the form and submit it
+ form["data[User][username]"] = user
+ form["data[User][password]"] = pass
+ local req2 = http.post(host, port, path, {no_cache=true, cookies=req1.cookies}, nil, form)
+ if req2.status ~= 302 then return false end
+ local loc = req2.header["location"]
+ return loc and (loc:match("/admins$") or loc:match("/pols/index$"))
+ end
+})
+
+table.insert(fingerprints, {
 name = "Apache Tomcat",
 category = "web",
 paths = {
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
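Review bot: `login_check` in the Xplico entry turns any parsing miss into "no default credentials": the `gmatch` pattern only accepts hidden inputs written as `type`, `name`, `value` in that order with double quotes, so a template change would silently drop the form fields and the POST would fail just like a wrong password. Since a false negative here means a default account goes unreported, I would document the assumption next to the pattern, e.g. `-- assumes hidden inputs are emitted as type/name/value in that order (tested with Xplico 0.7 and 1.0.1)`. Separately, the last line returns the matched string or `nil` while every other exit returns `false`; `return loc ~= nil and (loc:match("/admins$") or loc:match("/pols/index$")) ~= nil` keeps the result boolean.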