Nmap Development mailing list archives

Re: [NSE Script] HTTP probe for /etc/passwd


From: Fyodor <fyodor () insecure org>
Date: Sun, 22 Jul 2007 00:34:36 -0700

On Sun, Jul 22, 2007 at 07:05:30AM +0000, Brandon Enright wrote:

> Hmm... Maybe I'm missing something.  What I was suggesting is take for
> example this HTTP server running on port 631.  It returns a service
> fingerprint whose first probe is:
>
> (GetRequest,50,"HTTP/1\.1\x20500\x20Internal\x20Error\r\nServer:\x20Virata-EmWeb/R6_2_1\r\n\r\n500\x20Internal\x20Error\r\n")

Here the problem is that the service is unknown by version detection.
If you know the details of this device, please submit the fingerprint.
Then it should properly be detected as IPP or HTTP as appropriate.  It
may be that IPP uses http transport and thus IPP is still the best
service name for this service.  In that case, the script could be
updated to allow IPP if it is thought likely that IPP services are
vulnerable.

The port rules which cause scripts to run only against likely target
ports are an important optimization.  But we could consider at some
point adding a feature which means "run scripts against all services"
kind of like the way we have varying levels of version scanning
intensity.

Cheers,
-F
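As an added illustration of the port-rule point above (example code written for this archive page, not the /etc/passwd script under discussion or any Nmap-distributed script): an NSE rule that accepts IPP alongside HTTP, since IPP is carried over HTTP, and an assumed script-arg `allservices` that widens the rule to every open TCP port in the spirit of a "run scripts against all services" mode. It is written against the current NSE library API (`shortport`, `stdnse`, `http`), which is newer than the 2007 API the thread would have used.

```lua
-- Added example for the nmap-dev thread on port rules; not the original script.
-- Assumes the modern NSE libraries shortport, stdnse and http.
local shortport = require "shortport"
local stdnse = require "stdnse"
local http = require "http"

description = [[
Reports the HTTP status and Server header of web-speaking services,
including IPP printers on port 631, which use HTTP as transport.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Port rule: this is the optimisation the thread describes. Only ports that
-- version detection (or the well-known port number) marks as likely targets
-- are handed to the action, so an unknown service such as the Virata-EmWeb
-- fingerprint quoted above is skipped unless its port or service matches.
portrule = function(host, port)
  -- Hypothetical script-arg (assumption): --script-args allservices=1 runs the
  -- action against every open TCP port, trading the optimisation for coverage.
  if stdnse.get_script_args("allservices") then
    return port.protocol == "tcp" and port.state == "open"
  end
  -- Default: web ports and services, plus IPP (port 631 / service "ipp"), so a
  -- device that version detection labels as IPP is still considered.
  local rule = shortport.port_or_service({80, 443, 631, 8080},
                                         {"http", "https", "ipp"})
  return rule(host, port)
end

-- Action: a single GET for "/" and a summary of what answered. Nothing beyond
-- the status line and Server header is reported.
action = function(host, port)
  local resp = http.get(host, port, "/")
  if not resp or not resp.status then
    return nil  -- no HTTP response; stay quiet so output is not cluttered
  end
  local server = (resp.header and resp.header["server"]) or "(no Server header)"
  return string.format("HTTP %d; Server: %s", resp.status, server)
end
```

Without `allservices`, a port that version detection leaves unidentified (no `http` or `ipp` service name and not one of the listed port numbers) is never probed, which is exactly why submitting the fingerprint matters.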


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

