Re: Nmap Erros on URI using NSE

[Robin Wood <robin@digi.ninja>]

On 14 Aug 2014 18:30, "Shritam Bhowmick" <shritam.bhowmick () gmail com> wrote:
> Okay, I made this run, and I get this:
>
> NSE: Finished http-form-brute against pentesteracademylab.appspot.com (
> 74.125.68.141:80).
> Completed NSE at 13:28, 5.97s elapsed
> Nmap scan report for pentesteracademylab.appspot.com (74.125.68.141)
> Host is up, received reset (0.00048s latency).
> Scanned at 2014-08-14 13:28:05 EDT for 6s
> PORT   STATE SERVICE REASON
> 80/tcp open  http    syn-ack
> | http-form-brute:
> |   Accounts
> |     No valid accounts found
> |   Statistics
> |_    Performed 0 guesses in 1 seconds, average tps: 0

No attempts were made for some reason. What command line did you use?

Robin

> Final times for host: srtt: 477 rttvar: 4096  to: 100000
>
> NSE: Script Post-scanning.
> NSE: Starting runlevel 1 (of 1) scan.
> Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
> Nmap done: 1 IP address (1 host up) scanned in 6.46 seconds
>            Raw packets sent: 5 (196B) | Rcvd: 2 (84B)
>
>
> But, I see there were no accounts found while:
>
> username: (the email GET field): admin () pentesteracademy com
> password: zzzxy
>
> are the login credentials which were supposed to be authenticated. I tried
> this on string "Failure" set on onfailure.
>
>
> Regards
> Shritam Bhowmick
> Founder at OpenFire Technologies.
> Penetration Tester at+OpenFire Security.
> Web Application Analysis and Research.
> www.openfire-security.net
> http://forum.openfire-security.net
>
> The information contained herein (including any accompanying documents) is
> confidential and is intended solely for the addressee(s). It may contain
> proprietary, confidential, privileged information or other information
> subject to legal restrictions. If you are not the intended recipient of
> this message, please do not read, copy, use or disclose this message or
its
> attachments. Please notify the sender immediately and delete all copies of
> this message and any attachments. This e-mail message including
> attachment(s), if any, is believed to be free of any virus. However, it is
> the responsibility of the recipient to ensure for absence of viruses.
> OpenFire Technologies shall not be held responsible nor does it accept
> any liability for any damage arising in any way from its use.
>
>
> On Thu, Aug 14, 2014 at 10:54 PM, Shritam Bhowmick <
> shritam.bhowmick () gmail com> wrote:
>
> > Hi nmposter,
> >
> > That's great. Looking forward to the enhancements. On a side note,
could I
> > get the whole script because I manually changed your patch code to the
> > original nmap script! Is there any way, I can update my nmap scrip db, I
> > tried nmap --scrip-dbupdate on kali. It seems not to work.
> >
> > I need the code to make it work. I did common spell mistakes while
> > changing the code as well.
> >
> > Regards
> > Shritam Bhowmick
> > Founder at OpenFire Technologies.
> > Penetration Tester at+OpenFire Security.
> > Web Application Analysis and Research.
> > www.openfire-security.net
> > http://forum.openfire-security.net
> >
> > The information contained herein (including any accompanying documents)
is
> > confidential and is intended solely for the addressee(s). It may contain
> > proprietary, confidential, privileged information or other information
> > subject to legal restrictions. If you are not the intended recipient of
> > this message, please do not read, copy, use or disclose this message or
> > its
> > attachments. Please notify the sender immediately and delete all copies
of
> > this message and any attachments. This e-mail message including
> > attachment(s), if any, is believed to be free of any virus. However, it
is
> > the responsibility of the recipient to ensure for absence of viruses.
> > OpenFire Technologies shall not be held responsible nor does it accept
> > any liability for any damage arising in any way from its use.
> >
> >
> > On Thu, Aug 14, 2014 at 10:48 PM, <nnposter () users sourceforge net>
wrote:
> > > Shritam Bhowmick wrote:
> > > > nmap pentesteracademylab.appspot.com -n --script=http-form-brute
> > > > --script-args 'http-form-brute.path="/lab/webapp/1",
> > > > http-form-brute.hostname="pentesteracademylab.appspot.com",
> > > > passdb="/root/Desktop/pentesteracademy/challenge1/passwords.txt",
> > > > userdb="/root/Desktop/pentesteracademy/challenge1/users.txt",
> > > > http-form-brute.passvar=password, http-form-brute.uservar=email' -vvv
> > > <snip>
> > > > But the script gave out no output still. I think there is an issue. I
> > > had
> > > > tested using hydra, and this worked fine!?
> > >
> > > If you run your CLI with -d you would see:
> > >
> > > PORT   STATE SERVICE REASON
> > > 80/tcp open  http    syn-ack
> > > | http-form-brute:
> > > |_  ERROR: Failed to retrieve path (/lab/webapp/1) from server
> > > Final times for host: srtt: 0 rttvar: 3750  to: 100000
> > >
> > > The reason is that the server is configured to reject POST requests
> > > while your CLI is missing "http-form-brute.method=get". (As noted in
> > > my previous e-mail, the script still uses POST by default.)
> > >
> > > There is room for improvement of the auto-detection but I have not
> > > tried to address that with my patch.
> > >
> > >
> > > Cheers,
> > > nnposter
> > > _______________________________________________
> > > Sent through the dev mailing list
> > > http://nmap.org/mailman/listinfo/dev
> > > Archived at http://seclists.org/nmap-dev/
> _______________________________________________
> Sent through the dev mailing list
> http://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/