Nmap Development mailing list archives

Re: [NSE] IBM Websphere Application Server helper scripts


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 29 Dec 2015 07:38:26 -0600

Kost,

Thanks for submitting these! I'm looking at them carefully for inclusion,
and I think that the http-websphere-console script could be included as the
following fingerprint for http-enum:

table.insert(fingerprints, {
    category = 'management',
    probes = {
      "/ibm/console/logon.jsp?action=OK",
      "/console/",
      "/console/portal/0/Welcome"
    },
    matches = {
      {
        match = "[Ww][Ee][Bb][Ss][Pp][Hh][Ee][Rr][Ee]",
        output = "WebSphere"
      },
      {
        match = "WSC Console Federation",
        output = "WebSphere Commerce"
      },
    }
  })

I've attached a patch to add this to http-fingerprints.lua, and you can
test it with --script http-enum --script-args http-enum.category=management

I'm working on some changes to http-wordpress-brute (on which you based the
websphere-brute script) so when those are ironed out, I'll apply them to
http-websphere-brute, too, and ask that you test it.

Dan

On Sun, Jul 12, 2015 at 11:58 PM, Vlatko Kosturjak <kost () linux hr> wrote:

Hello!

IBM WebSphere is an application server similar to Tomcat, JBoss and WebLogic.
Therefore, it should be interesting to any penetration tester doing
enterprise-scale work where WebSphere might be present. It should also be
interesting to anyone who is working on securing an enterprise environment,
since WebSphere allows deploying one's own (malicious or not) code to the server.

I have written NSE scripts to identify IBM WebSphere consoles of
application servers and to brute force any usernames and passwords.

Scripts are also available at:
https://github.com/kost/nmap-nse

For demonstration purposes, I have demonstrated basic NSE script usage
on my blog:

https://k0st.wordpress.com/2015/07/13/identifying-and-exploiting-ibm-websphere-application-server/

There you can also find the basics of WebSphere exploitation.

Hope it helps,
--
Vlatko Kosturjak - KoSt

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Attachment: websphere.patch
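
The two match entries from the fingerprint in the reply above, exercised in standalone Lua as an added example (not part of the original messages and not Nmap's own code). The helpers `nocase` and `classify` and the sample response bodies are constructed here for illustration; the example shows why the pattern is spelled out as character classes, since Lua patterns have no case-insensitive flag.

```lua
-- Added example: helper names and sample bodies are hypothetical/constructed.

-- Build a case-insensitive Lua pattern from a word made of letters only,
-- e.g. "WebSphere" -> "[Ww][Ee][Bb][Ss][Pp][Hh][Ee][Rr][Ee]".
-- Pattern magic characters are not escaped, so pass plain words only.
local function nocase(word)
  return (word:gsub("%a", function(c)
    return "[" .. c:upper() .. c:lower() .. "]"
  end))
end

-- Same match/output pairs as the fingerprint in the message.
local matches = {
  { match = nocase("WebSphere"), output = "WebSphere" },
  { match = "WSC Console Federation", output = "WebSphere Commerce" },
}

-- Return the output label of every entry whose pattern occurs in the body.
-- This is a standalone approximation, not http-enum's matching loop.
local function classify(body)
  local hits = {}
  for _, m in ipairs(matches) do
    if body:match(m.match) then
      hits[#hits + 1] = m.output
    end
  end
  return hits
end

-- Constructed response bodies (not captured from a real server).
local samples = {
  "<title>IBM WEBSPHERE Integrated Solutions Console</title>",
  "<title>WSC Console Federation</title>",
  "<title>Apache Tomcat</title>",
}

-- The generated pattern is identical to the one written out by hand.
assert(nocase("WebSphere") == "[Ww][Ee][Bb][Ss][Pp][Hh][Ee][Rr][Ee]")

for _, body in ipairs(samples) do
  local hits = classify(body)
  print(body, #hits > 0 and table.concat(hits, ", ") or "(no match)")
end
```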