Modify http-enum and http-fingerprints file so they work with http pipeline better.

2025-12-07 05:01:29 +00:00 · 2012-07-23 21:55:13 +00:00
parent a32589f06f
commit 09f7b93949
2 changed files with 31 additions and 11 deletions
--- a/nselib/data/http-fingerprints.lua
+++ b/nselib/data/http-fingerprints.lua
@@ -6288,11 +6288,13 @@ table.insert(fingerprints, {
    probes = {
      {
        path = '/sdk/../../../../../../../etc/vmware/hostd/vmInventory.xml',
-        method = 'GET'
+        method = 'GET',
        nopipeline = true
      },
      {
        path = '/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/etc/vmware/hostd/vmInventory.xml',
-        method = 'GET'
+        method = 'GET',
        nopipeline = true
      }
    },
    matches = {
@@ -6312,11 +6314,13 @@ table.insert(fingerprints, {
    probes = {
      {
        path = '/../../../../../../../../../../etc/passwd',
-        method = 'GET'
+        method = 'GET',
        nopipeline = true
      },
      {
        path = '/../../../../../../../../../../boot.ini',
-        method = 'GET'
+        method = 'GET',
        nopipeline = true
      }
    },
    matches = {
@@ -9958,7 +9962,7 @@ table.insert(fingerprints, {
        method = 'GET'
      },
      {
-        path = '/My Shared Folder/',
+        path = '/My%20Shared%20Folder/',
        method = 'GET'
      },
      {
--- a/scripts/http-enum.nse
+++ b/scripts/http-enum.nse
@@ -373,14 +373,24 @@ action = function(host, port)
 			basepath = '/' .. basepath
 		end
 	end
-
+  
  local results_nopipeline = {}
 	-- Loop through the fingerprints
 	stdnse.print_debug(1, "http-enum: Searching for entries under path '%s' (change with 'http-enum.basepath' argument)", basepath)
 	for i = 1, #fingerprints, 1 do
 		-- Add each path. The order very much matters here. 
 		for j = 1, #fingerprints[i].probes, 1 do
-			all = http.pipeline_add(basepath .. fingerprints[i].probes[j].path, nil, all, fingerprints[i].probes[j].method or 'GET')
+      if fingerprints[i].probes[j].nopipeline then
-		end
+        local res = http.generic_request(host, port, fingerprints[i].probes[j].method or 'GET', basepath .. fingerprints[i].probes[j].path, nil)
        if res.status then
          table.insert(results_nopipeline, res)
        else
          table.insert(results_nopipeline, false)
        end
      else
        all = http.pipeline_add(basepath .. fingerprints[i].probes[j].path, nil, all, fingerprints[i].probes[j].method or 'GET')
      end
    end
 	end
 	-- Perform all the requests. 
@@ -394,14 +404,20 @@ action = function(host, port)
 	-- Loop through the fingerprints. Note that for each fingerprint, we may have multiple results
 	local j = 1
  local j_nopipeline = 1
 	for i, fingerprint in ipairs(fingerprints) do
 		-- Loop through the paths for each fingerprint in the same order we did the requests. Each of these will
 		-- have one result, so increment the result value at each iteration
 		for _, probe in ipairs(fingerprint.probes) do
-			local result = results[j]
+      local result
-			j = j + 1
+      if probe.nopipeline then
-
+        result = results_nopipeline[j_nopipeline]
        j_nopipeline = j_nopipeline + 1
      else
        result = results[j]
        j = j + 1
      end
 			if(result) then
 				local path = basepath .. probe['path']
 				local good = true