Nmap Development mailing list archives
Re: [NSE Script] HTTP probe for /etc/passwd
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 22 Jul 2007 00:18:33 +0000
On Sat, 21 Jul 2007 19:05:29 -0500 plus or minus some time Kris Katterjohn <katterjohn () gmail com> wrote:
> Kris Katterjohn wrote:
>> I added a few of your ideas, and separated it into functions. It's really easy to add any other ideas now.
> Okay, I made a couple more changes:
> 1) Use //etc/passwd instead of /etc/passwd
On the webserver I have access to that was actually returning /etc/passwd when requested, adding the extra '/' makes it not work. Go figure. I'm not sure which is better and both might be a few too many probes.
> 2) Added the one that uses \/
This should work for poorly designed webservers that check against a blacklist like '../' before going through an 'unescape' function. I'll run a scan later today to see if I can get anything to turn up with this.
> 3) Made httpget() to avoid repeating "GET" and "HTTP/1.0\r\n\r\n"
Looks good.
> That makes five tests. If people like it, I'll add it to SVN. Unless you have some more good ideas for me before I do :)
If we're taking a vote, count mine early and often :-p
> Thanks,
> Kris Katterjohn
Brandon
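The check-ordering flaw mentioned in the reply above (a '../' blacklist applied before the 'unescape' step), shown next to a corrected ordering. This is an added example, not part of the thread or of the NSE script; `DOCROOT`, `unescape()`, both `resolve_*` functions and the sample paths are constructed for illustration, and the unescape step is assumed to drop backslash escapes.

```python
import posixpath
import re

DOCROOT = "/srv/www"  # assumed document root for this example


def unescape(path):
    """Hypothetical server 'unescape' step: drops backslash escapes (\\/ -> /)."""
    return re.sub(r"\\(.)", r"\1", path)


def resolve_flawed(request_path):
    """Blacklist runs on the raw path, before unescape (the ordering bug)."""
    if "../" in request_path:
        return None  # rejected by the blacklist
    return posixpath.normpath(DOCROOT + "/" + unescape(request_path))


def resolve_hardened(request_path):
    """Unescape first, canonicalize, then require the result to stay in DOCROOT."""
    full = posixpath.normpath(DOCROOT + "/" + unescape(request_path))
    if full != DOCROOT and not full.startswith(DOCROOT + "/"):
        return None  # resolved outside the document root
    return full


# Constructed request paths: a normal file, a plain traversal, the
# backslash-escaped form, and the doubled leading slash from item 1.
SAMPLES = [
    "/index.html",
    "/../../etc/passwd",
    "/..\\/..\\/etc/passwd",
    "//etc/passwd",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:28} flawed={resolve_flawed(p)!r:24} "
              f"hardened={resolve_hardened(p)!r}")
```

The hardened version makes its decision on the final canonical path, so it does not depend on which escape forms the blacklist author thought of. A real server would also resolve symlinks before the containment check.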