PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-17 13:09:02 +00:00
Code Issues Projects Releases Wiki Activity

Fingerprint for Tomcat Host Manager. Closes #1755

Browse Source
This commit is contained in:
nnposter
2019-12-03 02:28:41 +00:00
parent 04a3effbed
commit e7e7e9e8c7
2 changed files with 49 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -31,6 +31,9 @@ o [NSE][GH#1720] Functions lsa_lookupnames2 and lsa_lookupsids2 in library
msrpc were incorrectly referencing function strjoin when called with debug msrpc were incorrectly referencing function strjoin when called with debug
level 2 or higher. [Ivan Ivanov] level 2 or higher. [Ivan Ivanov]
o [NSE][GH#1755] Added a default account fingerprint for Tomcat Host Manager.
[Clément Notin]
o [NSE][GH#1476][GH#1707] A MS-SMB spec non-compliance in Samba was causing o [NSE][GH#1476][GH#1707] A MS-SMB spec non-compliance in Samba was causing
protocol negotiation to fail with data string too short error. protocol negotiation to fail with data string too short error.
[Clément Notin, nnposter] [Clément Notin, nnposter]

47
nselib/data/http-default-accounts-fingerprints.lua
View File

@@ -385,13 +385,16 @@ table.insert(fingerprints, {
}) })
table.insert(fingerprints, { table.insert(fingerprints, {
-- Version 4.1.31, 6.0.24, 7.0.54
name = "Apache Tomcat", name = "Apache Tomcat",
cpe = "cpe:/a:apache:tomcat", cpe = "cpe:/a:apache:tomcat",
category = "web", category = "web",
paths = { paths = {
{path = "/manager/html/"}, {path = "/manager/html/"},
{path = "/manager/status/"},
{path = "/manager/text/"},
{path = "/tomcat/manager/html/"}, {path = "/tomcat/manager/html/"},
{path = "/tomcat/manager/status/"},
{path = "/tomcat/manager/text/"},
{path = "/cognos_express/manager/html/"} {path = "/cognos_express/manager/html/"}
}, },
target_check = function (host, port, path, response) target_check = function (host, port, path, response)
@@ -426,6 +429,48 @@ table.insert(fingerprints, {
end end
}) })
table.insert(fingerprints, {
name = "Apache Tomcat Host Manager",
cpe = "cpe:/a:apache:tomcat",
category = "web",
paths = {
{path = "/host-manager/html/"},
{path = "/host-manager/text/"},
{path = "/tomcat/host-manager/html/"},
{path = "/tomcat/host-manager/text/"}
},
target_check = function (host, port, path, response)
return http_auth_realm(response) == "Tomcat Host Manager Application"
end,
login_combos = {
{username = "tomcat", password = "tomcat"},
{username = "admin", password = "admin"},
-- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3548
{username = "admin", password = ""},
-- https://github.com/seshendra/vagrant-ubuntu-tomcat7/
{username = "admin", password = "tomcat"},
-- https://github.com/apache/tomcat/blob/2b8f9665dbfb89c78878784cd9b63d2b976ba623/webapps/manager/WEB-INF/jsp/403.jsp#L66
{username = "tomcat", password = "s3cret"},
-- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4094
{username = "ADMIN", password = "ADMIN"},
-- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4189
{username = "ovwebusr", password = "OvW*busr1"},
-- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4188
{username = "j2deployer", password = "j2deployer"},
-- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-0557
{username = "cxsdk", password = "kdsxc"},
-- XAMPP https://www.apachefriends.org/index.html
{username = "xampp", password = "xampp"},
-- QLogic QConvergeConsole http://www.qlogic.com/
{username = "QCC", password = "QLogic66"},
-- HAPI FHIR http://hapifhir.io/
{username = "fhir", password = "FHIRDefaultPassword"}
},
login_check = function (host, port, path, user, pass)
return try_http_basic_login(host, port, path, user, pass, false)
end
})
table.insert(fingerprints, { table.insert(fingerprints, {
name = "Apache Felix OSGi Management Console", name = "Apache Felix OSGi Management Console",
category = "web", category = "web",