PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity
Files
12892ad59a3ee6bbd8ed40e4ea54e89ffc531712
nmap/scripts/xamppDefaultPass.nse
david 84afa54d3a Update and proofread documentation of all the scripts, with the exception of 
nbstat.nse and smb-*.nse, which Ron is going to do.
2008-10-25 03:11:25 +00:00

62 lines
1.3 KiB
Lua
Raw Blame History

id = "XAMPP default pwd"
description = [[
Check if an XAMP or XAMPP FTP server uses a default username and password.
XAMP is an Apache distribution designed for easy installation and
administration.
]]
---
-- @output
-- 21/tcp open ftp
-- |_ Login success with u/p: nobody/xampp
author = "Diman Todorov <diman.todorov@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "vuln"}
require "shortport"
portrule = shortport.port_or_service(21, "ftp")
login = function(socket, user, pass)
local status, err
local res = ""
status, err = socket:send("USER " .. user .. "\n")
status, err = socket:send("PASS " .. pass .. "\n")
-- consume the banner and stuff
while true do
status, res = socket:receive_lines(1)
if
not string.match(res, "^220")
and not string.match(res, "^331 ")
then
break
end
end
-- are we logged in?
if string.match(res, "^230") then
return "Login success with u/p: " .. user .. "/" .. pass
end
end
action = function(host, port)
local res
local socket = nmap.new_socket()
socket:connect(host.ip, port.number)
res = login(socket, "nobody", "e0e0e0e0")
socket:close()
socket:connect(host.ip, port.number)
res = login(socket, "nobody", "xampp")
socket:close()
return res
end
Reference in New Issue View Git Blame Copy Permalink