Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Nmap Erros on URI using NSE

From: Shritam Bhowmick <shritam.bhowmick () gmail com>
Date: Fri, 15 Aug 2014 17:29:55 +0530
Okay, at last I modified the code. Nnposter is correct if gives you out the
credentials, but there's something missing to the script, I ran the test
over 20 times by now and I hit 5 successful attempts and rest 15 were false
positives: look at the results here:

Invalid with same code: http://s22.postimg.org/pq7q8x2y9/invalid.png
Valid with same code: http://s7.postimg.org/6b864ls0b/vlid.png

What's wrong?

Regards
Shritam Bhowmick
Founder at OpenFire Technologies.
Penetration Tester at+OpenFire Security.
Web Application Analysis and Research.
www.openfire-security.net
http://forum.openfire-security.net

The information contained herein (including any accompanying documents) is
confidential and is intended solely for the addressee(s). It may contain
proprietary, confidential, privileged information or other information
subject to legal restrictions. If you are not the intended recipient of
this message, please do not read, copy, use or disclose this message or its
attachments. Please notify the sender immediately and delete all copies of
this message and any attachments. This e-mail message including
attachment(s), if any, is believed to be free of any virus. However, it is
the responsibility of the recipient to ensure for absence of viruses.
OpenFire Technologies shall not be held responsible nor does it accept
any liability for any damage arising in any way from its use.


On Fri, Aug 15, 2014 at 12:42 AM, Shritam Bhowmick <
shritam.bhowmick () gmail com> wrote:


Hey I need the whole revised code. I just cannot figure updating the nmap
scripts with nmap --script-dbupdate
Damn me.

Regards
Shritam Bhowmick
Founder at OpenFire Technologies.
Penetration Tester at+OpenFire Security.
Web Application Analysis and Research.
www.openfire-security.net
http://forum.openfire-security.net

The information contained herein (including any accompanying documents) is
confidential and is intended solely for the addressee(s). It may contain
proprietary, confidential, privileged information or other information
subject to legal restrictions. If you are not the intended recipient of
this message, please do not read, copy, use or disclose this message or
its
attachments. Please notify the sender immediately and delete all copies of
this message and any attachments. This e-mail message including
attachment(s), if any, is believed to be free of any virus. However, it is
the responsibility of the recipient to ensure for absence of viruses.
OpenFire Technologies shall not be held responsible nor does it accept
any liability for any damage arising in any way from its use.


On Thu, Aug 14, 2014 at 11:36 PM, Robin Wood <robin@digi.ninja> wrote:


Does the script check the files exist and can be read?
On 14 Aug 2014 19:04, <nnposter () users sourceforge net> wrote:


FWIW, the script is working as expected for me:

http-form-brute.path=/lab/webapp/1
http-form-brute.method=get
http-form-brute.passvar=password
http-form-brute.uservar=email
http-form-brute.onfailure=Failed!

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-form-brute:
|   Accounts
|     admin () PentesterAcademy com:zzzxy - Valid credentials
|   Statistics
|_    Performed 481 guesses in 43 seconds, average tps: 11
Final times for host: srtt: 0 rttvar: 3750  to: 100000


Cheers,
nnposter
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/





_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: