PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-21 15:09:02 +00:00
Code Issues Projects Releases Wiki Activity

Treat 5xx errors as success (guessed password) in http-brute.

Browse Source 
This was suggested by Toni Ruottu in
http://seclists.org/nmap-dev/2011/q1/940.
This commit is contained in:
david
2011-04-28 04:14:54 +00:00
parent f1a9fdd165
commit de9d0362e0
1 changed files with 3 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
scripts/http-brute.nse
View File

@@ -68,12 +68,10 @@ Driver = {
-- incorrectly tells us that the authentication was successfull -- incorrectly tells us that the authentication was successfull
local response = http.generic_request( self.host, self.port, self.method, self.path, { auth = { username = username, password = password }, no_cache = true }) local response = http.generic_request( self.host, self.port, self.method, self.path, { auth = { username = username, password = password }, no_cache = true })
-- We should probably do more tests here, 500 error and redirects -- Checking for ~= 401 *should* work to
-- should be possible candidates. checking for ~= 401 *should* work to
-- but gave me a number of false positives last time I tried. -- but gave me a number of false positives last time I tried.
-- After Davids initial review we decided to change it to not 4xx and -- We decided to change it to ~= 4xx.
-- not 5xx. That would roughly equal the following: if ( response.status < 400 or response.status > 499 ) then
if ( response.status < 400 or response.status > 599 ) then
if ( not( nmap.registry['credentials'] ) ) then if ( not( nmap.registry['credentials'] ) ) then
nmap.registry['credentials'] = {} nmap.registry['credentials'] = {}
end end