mirror of
https://github.com/nmap/nmap.git
synced 2025-12-09 22:21:29 +00:00
c25be95b59
was getting errors like SCRIPT ENGINE: [string "Global Access"]:1: Attempted to change the global 'socket' in c:david mapmswin32DebugscriptsxamppDefaultPass.nse - use nmap.registry if you really wan t to share data between scripts. Notice that there's another issue with the error message, which is that backslashes in the file name are being interpreted as beginning escape sequences (see how the '\n' in "C:\david\nmap" turned into a newline.
55 lines
1.2 KiB
Lua
55 lines
1.2 KiB
Lua
id = "XAMPP default pwd"
|
|
|
|
description = "If the remote host is running XAMP (an Apache distribution\
|
|
designed for easy installation and administration) and XAMPP's FTP server is\
|
|
allows access with nobody/xampp then we report it."
|
|
|
|
author = "Diman Todorov <diman.todorov@gmail.com>"
|
|
|
|
license = "See nmaps COPYING for licence"
|
|
|
|
categories = {"vulnerability"}
|
|
|
|
require "shortport"
|
|
|
|
portrule = shortport.port_or_service(21, "ftp")
|
|
|
|
login = function(socket, user, pass)
|
|
local status, err
|
|
local res = ""
|
|
status, err = socket:send("USER " .. user .. "\n")
|
|
status, err = socket:send("PASS " .. pass .. "\n")
|
|
|
|
-- consume the banner and stuff
|
|
while true do
|
|
status, res = socket:receive_lines(1)
|
|
if
|
|
not string.match(res, "^220")
|
|
and not string.match(res, "^331 ")
|
|
then
|
|
break
|
|
end
|
|
end
|
|
|
|
-- are we logged in?
|
|
if string.match(res, "^230") then
|
|
return "Login success with u/p: " .. user .. "/" .. pass
|
|
end
|
|
end
|
|
|
|
action = function(host, port)
|
|
local res
|
|
local socket = nmap.new_socket()
|
|
|
|
socket:connect(host.ip, port.number)
|
|
res = login(socket, "nobody", "e0e0e0e0")
|
|
socket:close()
|
|
|
|
socket:connect(host.ip, port.number)
|
|
res = login(socket, "nobody", "xampp")
|
|
socket:close()
|
|
|
|
return res
|
|
end
|
|
|