PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

o http-auth.nse now properly checks for default authentication

Browse Source 
credentials. A bug prevented it from working before. [Vlatko
  Kosturjak]
This commit is contained in:
david
2008-11-07 17:16:20 +00:00
parent 2b79162d61
commit e8adfb9599
2 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -1,5 +1,9 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o http-auth.nse now properly checks for default authentication
credentials. A bug prevented it from working before. [Vlatko
Kosturjak]
o Renamed irc-zombie.nse to auth-spoof and improved its description o Renamed irc-zombie.nse to auth-spoof and improved its description
and output a bit. [Fyodor] and output a bit. [Fyodor]

21
scripts/http-auth.nse
View File

@@ -5,11 +5,16 @@ authentication.
--- ---
-- @output -- @output
-- 80/tcp open http
-- | http-auth: HTTP Service requires authentication -- | http-auth: HTTP Service requires authentication
-- |_ Auth type: Basic, realm = DSL Router -- | Auth type: Basic, realm = Password Required
-- |_ HTTP server may accept admin:admin combination for Basic authentication
-- HTTP authentication information gathering script -- HTTP authentication information gathering script
-- rev 1.1 (2007-05-25) -- rev 1.1 (2007-05-25)
-- 2008-11-06 Vlatko Kosturjak <kost@linux.hr>
-- * bug fixes against base64 encoded strings, more flexible auth/pass check,
-- corrected sample output
author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>" author = "Thomas Buchanan <tbuchanan@thecompassgrp.net>"
@@ -19,12 +24,14 @@ categories = {"default", "auth", "intrusive"}
require "shortport" require "shortport"
require "http" require "http"
require "base64"
portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"}) portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"})
action = function(host, port) action = function(host, port)
local realm,scheme,result local realm,scheme,result,authheader
local basic = false local basic = false
local authcombinations= {"admin:", "admin:admin"}
local answer = http.get( host, port, "/" ) local answer = http.get( host, port, "/" )
@@ -53,14 +60,12 @@ action = function(host, port)
end end
if basic then if basic then
answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}}) for _, combination in pairs (authcombinations) do
authheader = "Basic " .. base64.enc(combination)
answer = http.get(host, port, '/', {header={Authorization=authheader}})
if answer.status ~= 401 and answer.status ~= 403 then if answer.status ~= 401 and answer.status ~= 403 then
result = result .. " HTTP server may accept user=\"admin\" with blank password for Basic authentication\n" result = result .. " HTTP server may accept " .. combination .. " combination for Basic authentication\n"
end end
answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46YWRtaW4"}})
if answer.status ~= 401 and answer.status ~= 403 then
result = result .. " HTTP server may accept user=\"admin\" with password=\"admin\" for Basic authentication\n"
end end
end end