From 6d49b6961bbf5635ded7406b8c60a9d4672ab7d2 Mon Sep 17 00:00:00 2001
From: nnposter
Date: Tue, 1 Nov 2016 00:14:49 +0000
Subject: [PATCH] Adds a fingerprint for Plumtree Portal
---
 CHANGELOG | 2 +-
 .../http-default-accounts-fingerprints.lua | 38 +++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index 8a15c82fa..1ee161b8f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,6 @@
 # Nmap Changelog ($Id$); -*-text-*-
-o [NSE] Updated fingerprints for script http-default-accounts with 17 new
+o [NSE] Updated fingerprints for script http-default-accounts with 18 new
 fingerprints. 4 fingerprints have been broadened to cover more variants.
 [nnposter]
diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
index c72212f84..25ebe73f3 100644
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -426,6 +426,44 @@ table.insert(fingerprints, {
 end
 })
+table.insert(fingerprints, {
+ name = "Plumtree Portal",
+ category = "web",
+ paths = {
+ {path = "/"}
+ },
+ target_check = function (host, port, path, response)
+ local loc = response.header["location"] or ""
+ return response.status == 302
+ and loc:find("/portal/server%.pt$")
+ end,
+ login_combos = {
+ {username = "Administrator", password = ""}
+ },
+ login_check = function (host, port, path, user, pass)
+ local form = {in_hi_space="Login",
+ in_hi_spaceID="0",
+ in_hi_control="Login",
+ in_hi_dologin="true",
+ in_tx_username=user,
+ in_pw_userpass=pass,
+ in_se_authsource=""}
+ local req = http_post_simple(host, port,
+ url.absolute(path, "portal/server.pt"),
+ nil, form)
+ local loc = req.header["location"] or ""
+ -- successful login is a 302-redirect that sets cookie "plloginoccured"
+ -- to "true"
+ if not (req.status == 302 and loc:find("/portal/server%.pt[;?]")) then
+ return false
+ end
+ for _, ck in ipairs(req.cookies or {}) do
+ if ck.name:lower() == "plloginoccured" then return ck.value == "true" end
+ end
+ return false
+ end
+})
+
 table.insert(fingerprints, {
 -- Version 0.4.4.6.1-alpha on SamuraiWTF 2.6
 name = "BeEF",
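Review bot: The new Plumtree Portal entry has no comment recording which product release it was validated against, unlike the BeEF entry directly below it (`-- Version 0.4.4.6.1-alpha on SamuraiWTF 2.6`). A line such as `-- Version <TESTED_VERSION> (placeholder: the release this was verified on)` above `name = "Plumtree Portal"` would tell anyone triaging a missed or spurious hit what the redirect and cookie checks were modelled on. In `login_check` the local `req` actually holds the HTTP response, so `resp` would read more accurately, provided that does not clash with the naming the other fingerprints in this file use. `target_check` returns the numeric result of `loc:find(...)` (or nil) rather than a boolean; appending `~= nil` would make the return type explicit.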