From a5b73cf906dd9043e60e87f86e0ec7941fd8f489 Mon Sep 17 00:00:00 2001
From: david
Date: Mon, 26 Jan 2009 06:02:45 +0000
Subject: [PATCH] Rename the xampp-default-auth script to ftp-brute. Incorporate some code improvements in the script from Vlatko Kosturjak. Remove the nobody/e0e0e0e0 test credentials because I can't find a web source to substantiate them.
---
 CHANGELOG | 2 ++
 .../{xampp-default-auth.nse => ftp-brute.nse} | 29 ++++++++++---------
 scripts/script.db | 4 +--
 3 files changed, 19 insertions(+), 16 deletions(-)
 rename scripts/{xampp-default-auth.nse => ftp-brute.nse} (59%)
diff --git a/CHANGELOG b/CHANGELOG
index 6952f29d6..ec4f9d5ba 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,8 @@
 o A new Zenmap translation: French, contributed by Gutek
+o The xampp-default-auth.nse script was renamed to ftp-brute.nse.
+
 Nmap 4.85BETA1 [2009-1-23]
 o Added Ncat, a much-improved reimplementation of the venerable Netcat
diff --git a/scripts/xampp-default-auth.nse b/scripts/ftp-brute.nse
similarity index 59%
rename from scripts/xampp-default-auth.nse
rename to scripts/ftp-brute.nse
index afd1a4a59..be74bfbb0 100644
--- a/scripts/xampp-default-auth.nse
+++ b/scripts/ftp-brute.nse
@@ -1,20 +1,20 @@
 description = [[
-Check if an XAMP or XAMPP FTP server uses a default username and password.
-
-XAMP is an Apache distribution designed for easy installation and
-administration.
+Tries to get FTP login credentials by guessing usernames and passwords.
 ]]
 ---
 -- @output
--- 21/tcp open ftp
--- |_ xampp-default-auth: Login success with u/p: nobody/xampp
+-- 21/tcp open ftp
+-- |_ ftp-auth: Login success with u/p: nobody/xampp
+--
+-- 2008-11-06 Vlatko Kosturjak
+-- Modified xampp-default-auth script to generic ftp-brute script
 author = "Diman Todorov "
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"auth", "vuln"}
+categories = {"auth", "intrusive"}
 require "shortport"
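Review bot: The `@output` sample in the NSEdoc block of scripts/ftp-brute.nse labels the result `ftp-auth:`, which matches neither the old nor the new file name; if the report label follows the script name, as the old `xampp-default-auth:` sample suggests, it should read `-- |_ ftp-brute: Login success with u/p: nobody/xampp`. The history lines added right after it (`-- 2008-11-06 Vlatko Kosturjak` and the next one) sit inside the same `---` block, so they will presumably be rendered as part of the `@output` text; a separate plain `--` comment is a better home for them. The new description promises guessing usernames and passwords while the second hunk of this file tries one hard-coded pair, so a sentence such as `Currently only the XAMPP default nobody/xampp is tried.` would keep an operator from reading an empty result as "no weak FTP credentials on this host".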
@@ -46,14 +46,15 @@ end
 action = function(host, port)
 local res
 local socket = nmap.new_socket()
+ local authcombinations = {
+ {user="nobody", password="xampp"}, --- XAMPP default ftp
+ }
- socket:connect(host.ip, port.number)
- res = login(socket, "nobody", "e0e0e0e0")
- socket:close()
-
- socket:connect(host.ip, port.number)
- res = login(socket, "nobody", "xampp")
- socket:close()
+ for _, combination in pairs (authcombinations) do
+ socket:connect(host.ip, port.number)
+ res = login(socket, combination.user, combination.password)
+ socket:close()
+ end
 return res
 end
diff --git a/scripts/script.db b/scripts/script.db
index d8c5d180c..32416b3c7 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -22,6 +22,8 @@ Entry{ category = "auth", filename = "ftp-anon.nse" }
 Entry{ category = "safe", filename = "ftp-anon.nse" }
 Entry{ category = "default", filename = "ftp-bounce.nse" }
 Entry{ category = "intrusive", filename = "ftp-bounce.nse" }
+Entry{ category = "auth", filename = "ftp-brute.nse" }
+Entry{ category = "intrusive", filename = "ftp-brute.nse" }
 Entry{ category = "default", filename = "html-title.nse" }
 Entry{ category = "discovery", filename = "html-title.nse" }
 Entry{ category = "safe", filename = "html-title.nse" }
@@ -107,5 +109,3 @@ Entry{ category = "safe", filename = "upnp-info.nse" }
 Entry{ category = "discovery", filename = "whois.nse" }
 Entry{ category = "external", filename = "whois.nse" }
 Entry{ category = "safe", filename = "whois.nse" }
-Entry{ category = "auth", filename = "xampp-default-auth.nse" }
-Entry{ category = "vuln", filename = "xampp-default-auth.nse" }
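Review bot: In the new loop in `action` (scripts/ftp-brute.nse, hunk `@@ -46,14 +46,15 @@`), `res` is overwritten on every pass, so once `authcombinations` holds more than one pair a hit on an earlier pair is replaced by the result of a later failed attempt and the finding is silently dropped from the report. Assuming `login` (defined outside this hunk) returns nil on failure, add `if res then return res end` right after `socket:close()`. The table is a plain sequence, so `ipairs(authcombinations)` gives a defined order where `pairs` does not, and the result of `socket:connect(...)` is not checked before `login` is called on the socket. The trailing `--- XAMPP default ftp` uses the three-dash NSEdoc opener on an ordinary remark; `-- XAMPP default FTP credentials` avoids the doc generator picking it up.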