Nmap Development mailing list archives

Re: [NSE] IBM Websphere Application Server helper scripts


From: Daniel Miller <bonsaiviking () gmail com>
Date: Thu, 31 Dec 2015 10:49:57 -0600

Kost,

I just got done with an overhaul of http-form-brute [1] that should enable
support for WebSphere. I don't have an installation here to test, though,
so I'd really appreciate your input. Requires the latest http.lua from SVN.

Dan

[1] http://seclists.org/nmap-dev/2015/q4/303

On Tue, Dec 29, 2015 at 7:38 AM, Daniel Miller <bonsaiviking () gmail com>
wrote:

Kost,

Thanks for submitting these! I'm looking at them carefully for inclusion,
and I think that the http-websphere-console script could be included as the
following fingerprint for http-enum:

table.insert(fingerprints, {
  category = 'management',
  probes = {
    "/ibm/console/logon.jsp?action=OK",
    "/console/",
    "/console/portal/0/Welcome"
  },
  matches = {
    {
      match = "[Ww][Ee][Bb][Ss][Pp][Hh][Ee][Rr][Ee]",
      output = "WebSphere"
    },
    {
      match = "WSC Console Federation",
      output = "WebSphere Commerce"
    },
  }
})

I've attached a patch to add this to http-fingerprints.lua, and you can
test it with --script http-enum --script-args http-enum.category=management

I'm working on some changes to http-wordpress-brute (on which you based
the websphere-brute script) so when those are ironed out, I'll apply them
to http-websphere-brute, too, and ask that you test it.

Dan

On Sun, Jul 12, 2015 at 11:58 PM, Vlatko Kosturjak <kost () linux hr> wrote:

Hello!

IBM WebSphere is an application server similar to Tomcat, JBoss and WebLogic.
Therefore, it should be interesting to any penetration tester doing
enterprise-scale work where WebSphere might be present. It should also be
interesting to anyone who is working on securing an enterprise environment,
since WebSphere allows deploying one's own (malicious or not) code to the
server.

I have written NSE scripts to identify IBM WebSphere consoles of
application servers and to brute force any usernames and passwords.

Scripts are also available at:
https://github.com/kost/nmap-nse

For demonstration purposes, I have demonstrated basic NSE script usage
on my blog:

https://k0st.wordpress.com/2015/07/13/identifying-and-exploiting-ibm-websphere-application-server/

There you can also find the basics of WebSphere exploitation.

Hope it helps,
--
Vlatko Kosturjak - KoSt

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


