Nmap Development mailing list archives
Fix and addon to http-auth.nse
From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 06 Nov 2008 11:52:48 +0100
Hello!

Found a bug in http-auth.nse. It seems that the script checked against the "YWRtaW46YWRtaW4" base64 encoded string and not "YWRtaW46YWRtaW4=", which is the correctly encoded base64 string of "admin:admin". So the check did not actually work. I've made a fix for it, attached as http-auth.nse.diff.

Then I thought, if there's a base64 lib distributed with nmap, why not use the base64 lib to encode? It will improve script readability and it will ease adding additional user/pass checks. This fix/addon is attached as http-auth.nse-better.diff.

Feel free to apply one of these patches (not both!) against the latest SVN trunk tree. Although, I would recommend applying http-auth.nse-better.diff.

Hope it helps!

Kost
--- http-auth.nse.orig 2008-11-06 11:09:11.000000000 +0100 +++ http-auth.nse 2008-11-06 11:13:25.000000000 +0100 @@ -10,6 +10,8 @@ -- HTTP authentication information gathering script -- rev 1.1 (2007-05-25) +-- 2008-11-06 Vlatko Kosturjak <kost () linux hr> +-- * slight fixes against authentication and added test of test:test author = "Thomas Buchanan <tbuchanan () thecompassgrp net>" @@ -53,12 +55,17 @@ end if basic then + answer = http.get(host, port, '/', {header={Authorization="Basic dGVzdDp0ZXN0"}}) + if answer.status ~= 401 and answer.status ~= 403 then + result = result .. " HTTP server may accept user=\"test\" with password=\"test\" for Basic authentication\n" + end + answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}}) if answer.status ~= 401 and answer.status ~= 403 then result = result .. " HTTP server may accept user=\"admin\" with blank password for Basic authentication\n" end - answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46YWRtaW4"}}) + answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46YWRtaW4="}}) if answer.status ~= 401 and answer.status ~= 403 then result = result .. " HTTP server may accept user=\"admin\" with password=\"admin\" for Basic authentication\n" end
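Review bot: In the @@ -53,12 +55,17 @@ hunk the blank-password check is kept as unchanged context with the header value "Basic YWRtaW46C", which has the same kind of defect this patch fixes for admin:admin. The string "admin:" encodes to YWRtaW46, and the nine-character value with the trailing C is not a valid base64 length. Suggest correcting that line in the same change so that all three checks send well-formed credentials.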
--- http-auth.nse.orig 2008-11-06 11:09:11.000000000 +0100 +++ http-auth.nse 2008-11-06 11:47:57.000000000 +0100 @@ -10,6 +10,8 @@ -- HTTP authentication information gathering script -- rev 1.1 (2007-05-25) +-- 2008-11-06 Vlatko Kosturjak <kost () linux hr> +-- * bug fixes against base64 encoded strings + more flexible auth/pass check author = "Thomas Buchanan <tbuchanan () thecompassgrp net>" @@ -19,12 +21,14 @@ require "shortport" require "http" +require "base64" portrule = shortport.port_or_service({80, 443, 8080}, {"http","https"}) action = function(host, port) - local realm,scheme,result + local realm,scheme,result,authheader,i local basic = false + local authcombinations= {"test:test", "admin:admin", "admin:", "admin:test"} local answer = http.get( host, port, "/" ) @@ -53,14 +57,12 @@ end if basic then - answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46C"}}) - if answer.status ~= 401 and answer.status ~= 403 then - result = result .. " HTTP server may accept user=\"admin\" with blank password for Basic authentication\n" - end - - answer = http.get(host, port, '/', {header={Authorization="Basic YWRtaW46YWRtaW4"}}) - if answer.status ~= 401 and answer.status ~= 403 then - result = result .. " HTTP server may accept user=\"admin\" with password=\"admin\" for Basic authentication\n" + for i = 1, #authcombinations, 1 do + authheader = "Basic " .. enc(authcombinations[i]) + answer = http.get(host, port, '/', {header={Authorization=authheader}}) + if answer.status ~= 401 and answer.status ~= 403 then + result = result .. " HTTP server may accept " .. authcombinations[i] .. " combination for Basic authentication\n" + end end end
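Review bot: In the @@ -19,12 +21,14 @@ hunk, i is added to the local declaration at the top of action, but the numeric for loop added further down declares its own loop variable, so the outer i is never used. Suggest dropping i from the local list and keeping only authheader.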
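Review bot: In the @@ -53,14 +57,12 @@ hunk the encoder is called as enc(authcombinations[i]) with no module prefix, while the other library calls in the script are qualified (http.get, shortport.port_or_service). Unless the base64 library exports enc as a global, this call fails at run time; suggest base64.enc(authcombinations[i]). The report line also prints the raw pair now, so the blank-password entry reads as "admin:" where the removed lines said "with blank password"; consider keeping explicit wording for an empty password.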
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
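The padding problem described in the message can be checked mechanically. The following is an added example, not part of the original post or of Nmap's code: a Python check that classifies each hard-coded Basic token quoted in the patches against the credentials it is meant to carry. The function names check_token and audit are hypothetical.

```python
import base64
import binascii

# Header values as they appear in the script lines quoted in the patches,
# paired with the credentials each one is meant to carry.
TOKENS = [
    ("YWRtaW46YWRtaW4", "admin:admin"),   # original script
    ("YWRtaW46YWRtaW4=", "admin:admin"),  # after the fix
    ("YWRtaW46C", "admin:"),              # blank-password check
    ("dGVzdDp0ZXN0", "test:test"),        # added by the first patch
]


def check_token(token, intended):
    """Classify a hard-coded Basic token against the credentials it should encode."""
    expected = base64.b64encode(intended.encode("ascii")).decode("ascii")
    if token == expected:
        return "ok"
    # Canonical encoding with the trailing '=' stripped: a strict decoder
    # rejects this, so the server would see malformed credentials.
    if token == expected.rstrip("="):
        return "missing-padding"
    try:
        base64.b64decode(token, validate=True)
    except binascii.Error:
        # Not decodable at all (bad length or alphabet).
        return "invalid-base64"
    # Decodes cleanly, but to something other than the intended pair.
    return "mismatch"


def audit(tokens):
    """Return {token: verdict} for every (token, intended) pair."""
    return {token: check_token(token, intended) for token, intended in tokens}


if __name__ == "__main__":
    for token, verdict in audit(TOKENS).items():
        print(f"{token:18} {verdict}")
```

Running a check like this over every literal in a script catches malformed tokens before they silently turn a credential test into a no-op.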