Updates script to detect other vulnerable services and removes useless redirection ports from the execution rule. See GH#876

2025-12-06 20:51:30 +00:00 · 2017-05-09 17:24:55 +00:00
parent edbb4c90ed
commit c51c0b6e86
1 changed files with 2 additions and 2 deletions
--- a/scripts/http-vuln-cve2017-5689.nse
+++ b/scripts/http-vuln-cve2017-5689.nse
@@ -80,7 +80,7 @@ author = "Andrew Orr"
 license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
 categories = { "vuln", "auth", "exploit" }
-portrule = shortport.port_or_service({623, 664, 16992, 16993, 16994, 16995}, "amt-soap-http")
+portrule = shortport.port_or_service({623, 664, 16992, 16993}, "amt-soap-http")
 action = function(host, port)
  local vuln = {
@@ -108,7 +108,7 @@ digest parameter.
  local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
  local response = http.get(host, port, '/index.htm')
-  if response.header['server'] and response.header['server']:find('Intel(R) Active Management Technology', 1, true) 
+  if response.header['server'] and response.header['server']:find('Intel(R)', 1, true) 
    and response.status and response.status == 401 then
      local www_authenticate = http.parse_www_authenticate(response.header['www-authenticate'])
      local auth_header = string.format("Digest username=\"admin\", realm=\"%s\", nonce=\"%s\", uri=\"index.htm\"," ..