Rename the xampp-default-auth script to ftp-brute. Incorporate some code

improvements in the script from Vlatko Kosturjak. Remove the nobody/e0e0e0e0 test credentials because I can't find a web source to substantiate them.
2025-12-11 02:09:03 +00:00 · 2009-01-26 06:02:45 +00:00
parent 81886dc21d
commit a5b73cf906
3 changed files with 19 additions and 16 deletions
--- a/2
+++ b/2
@@ -2,6 +2,8 @@

 o A new Zenmap translation: French, contributed by Gutek

+o The xampp-default-auth.nse script was renamed to ftp-brute.nse.
+
 Nmap 4.85BETA1 [2009-1-23]

 o Added Ncat, a much-improved reimplementation of the venerable Netcat
--- a/scripts/xampp-default-auth.nse
+++ b/scripts/xampp-default-auth.nse
@@ -1,20 +1,20 @@
 description = [[
-Check if an XAMP or XAMPP FTP server uses a default username and password.
-
-XAMP is an Apache distribution designed for easy installation and
-administration.
+Tries to get FTP login credentials by guessing usernames and passwords.
 ]]

 ---
 -- @output
 -- 21/tcp open  ftp
-- |_ xampp-default-auth: Login success with u/p: nobody/xampp
+-- |_ ftp-auth: Login success with u/p: nobody/xampp
+--
+-- 2008-11-06 Vlatko Kosturjak <kost@linux.hr>
+-- Modified xampp-default-auth script to generic ftp-brute script

 author = "Diman Todorov <diman.todorov@gmail.com>"

 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

-categories = {"auth", "vuln"}
+categories = {"auth", "intrusive"}

 require "shortport"

@@ -46,14 +46,15 @@ end
 action = function(host, port)
 	local res
 	local socket = nmap.new_socket()
+	local authcombinations = { 
+		{user="nobody", password="xampp"}, --- XAMPP default ftp
+	}

+	for _, combination in pairs (authcombinations) do
 		socket:connect(host.ip, port.number)
-	res = login(socket, "nobody", "e0e0e0e0")
-	socket:close()
-
-	socket:connect(host.ip, port.number)
-	res = login(socket, "nobody", "xampp")
+		res = login(socket, combination.user, combination.password)
 		socket:close()
+	end
 	
 	return  res
 end
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -22,6 +22,8 @@ Entry{ category = "auth", filename = "ftp-anon.nse" }
 Entry{ category = "safe", filename = "ftp-anon.nse" }
 Entry{ category = "default", filename = "ftp-bounce.nse" }
 Entry{ category = "intrusive", filename = "ftp-bounce.nse" }
+Entry{ category = "auth", filename = "ftp-brute.nse" }
+Entry{ category = "intrusive", filename = "ftp-brute.nse" }
 Entry{ category = "default", filename = "html-title.nse" }
 Entry{ category = "discovery", filename = "html-title.nse" }
 Entry{ category = "safe", filename = "html-title.nse" }
@@ -107,5 +109,3 @@ Entry{ category = "safe", filename = "upnp-info.nse" }
 Entry{ category = "discovery", filename = "whois.nse" }
 Entry{ category = "external", filename = "whois.nse" }
 Entry{ category = "safe", filename = "whois.nse" }
-Entry{ category = "auth", filename = "xampp-default-auth.nse" }
-Entry{ category = "vuln", filename = "xampp-default-auth.nse" }