mirror of
https://github.com/nmap/nmap.git
synced 2025-12-06 12:41:29 +00:00
6fbc8868a9
make them look better in output. The full list of changes is anonFTP => ftp-anon ASN => asn-query brutePOP3 => pop3-brute bruteTelnet => telnet-brute daytimeTest => daytime dns-safe-recursion-port => dns-random-srcport dns-safe-recursion-txid => dns-random-txid dns-test-open-recursion => dns-recursion ftpbounce => ftp-bounce HTTPAuth => http-auth HTTP_open_proxy => http-open-proxy HTTPpasswd => http-passwd HTTPtrace => http-trace iax2Detect => iax2-version ircServerInfo => irc-info ircZombieTest => irc-zombie MSSQLm => ms-sql-info MySQLinfo => mysql-info popcapa => pop3-capabilities PPTPversion => pptp-version promiscuous => sniffer-detect RealVNC_auth_bypass => realvnc-auth-bypass robots => robots.txt showHTMLTitle => html-title showOwner => identd-owners skype_v2-version => skypev2-version smb-enumdomains => smb-enum-domains smb-enumsessions => smb-enum-sessions smb-enumshares => smb-enum-shares smb-enumusers => smb-enum-users smb-serverstats => smb-server-stats smb-systeminfo => smb-system-info SMTPcommands => smtp-commands SMTP_openrelay_test => smtp-open-relay SNMPcommunitybrute => snmp-brute SNMPsysdescr => snmp-sysdescr SQLInject => sql-injection SSH-hostkey => ssh-hostkey SSHv1-support => sshv1 SSLv2-support => sslv2 strangeSMTPport => smtp-strangeport UPnP-info => upnp-info xamppDefaultPass => xampp-default-auth zoneTrans => zone-transfer
61 lines
1.3 KiB
Lua
61 lines
1.3 KiB
Lua
description = [[
|
|
Check if an XAMP or XAMPP FTP server uses a default username and password.
|
|
|
|
XAMP is an Apache distribution designed for easy installation and
|
|
administration.
|
|
]]
|
|
|
|
---
|
|
-- @output
|
|
-- 21/tcp open ftp
|
|
-- |_ xampp-default-auth: Login success with u/p: nobody/xampp
|
|
|
|
author = "Diman Todorov <diman.todorov@gmail.com>"
|
|
|
|
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
|
|
|
|
categories = {"auth", "vuln"}
|
|
|
|
require "shortport"
|
|
|
|
portrule = shortport.port_or_service(21, "ftp")
|
|
|
|
login = function(socket, user, pass)
|
|
local status, err
|
|
local res = ""
|
|
status, err = socket:send("USER " .. user .. "\n")
|
|
status, err = socket:send("PASS " .. pass .. "\n")
|
|
|
|
-- consume the banner and stuff
|
|
while true do
|
|
status, res = socket:receive_lines(1)
|
|
if
|
|
not string.match(res, "^220")
|
|
and not string.match(res, "^331 ")
|
|
then
|
|
break
|
|
end
|
|
end
|
|
|
|
-- are we logged in?
|
|
if string.match(res, "^230") then
|
|
return "Login success with u/p: " .. user .. "/" .. pass
|
|
end
|
|
end
|
|
|
|
action = function(host, port)
|
|
local res
|
|
local socket = nmap.new_socket()
|
|
|
|
socket:connect(host.ip, port.number)
|
|
res = login(socket, "nobody", "e0e0e0e0")
|
|
socket:close()
|
|
|
|
socket:connect(host.ip, port.number)
|
|
res = login(socket, "nobody", "xampp")
|
|
socket:close()
|
|
|
|
return res
|
|
end
|
|
|