mirror of https://github.com/nmap/nmap.git synced 2025-12-21 15:09:02 +00:00

Treat 5xx errors as success (guessed password) in http-brute.

This was suggested by Toni Ruottu in
http://seclists.org/nmap-dev/2011/q1/940.
david
2011-04-28 04:14:54 +00:00
parent f1a9fdd165
commit de9d0362e0


@@ -68,12 +68,10 @@ Driver = {
-- incorrectly tells us that the authentication was successfull
local response = http.generic_request( self.host, self.port, self.method, self.path, { auth = { username = username, password = password }, no_cache = true })
-- We should probably do more tests here, 500 error and redirects
-- should be possible candidates. checking for ~= 401 *should* work to
-- Checking for ~= 401 *should* work to
-- but gave me a number of false positives last time I tried.
-- After Davids initial review we decided to change it to not 4xx and
-- not 5xx. That would roughly equal the following:
if ( response.status < 400 or response.status > 599 ) then
-- We decided to change it to ~= 4xx.
if ( response.status < 400 or response.status > 499 ) then
if ( not( nmap.registry['credentials'] ) ) then
nmap.registry['credentials'] = {}
end
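Review bot: The new test `if ( response.status < 400 or response.status > 499 ) then` runs with no check that `response` and `response.status` are present, so if `http.generic_request` returns a table without a numeric status when the request fails at the transport level (timeout, reset), the comparison raises a compare-with-nil error instead of counting as a failed login. A guard such as `if ( response and response.status and ( response.status < 400 or response.status > 499 ) ) then` keeps the new 5xx behaviour and avoids that. Since any 5xx now takes the success branch, where the pair is presumably stored in `nmap.registry['credentials']`, a 502/503 from an overloaded or rate-limiting front end would be reported as a valid credential; the comment above the test should say so, e.g. `-- 5xx is counted as a guessed password; such hits may be transient server errors and need manual confirmation`. The rewritten comment also leaves a dangling "to" in `-- Checking for ~= 401 *should* work to`. The body of the `if` continues outside the hunk.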