Nmap Development mailing list archives
Re: Fix and addon to http-auth.nse
From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Nov 2008 19:55:13 -0700
On Thu, Nov 06, 2008 at 11:52:48AM +0100, Vlatko Kosturjak wrote:
Found out bug in http-auth.nse. It seems that script checked against "YWRtaW46YWRtaW4" base64 encoded string and not "YWRtaW46YWRtaW4=" which is correctly encoded base64 string of "admin:admin". So, the check did not work actually.
Thanks for the contribution! Good job noticing the bug. I'd like to apply your http-auth.nse-better.diff, but first I'd like you to make a few changes. You can rewrite the authentication-testing loop in a more idiomatic style. Instead of for i = 1, #authcombinations, 1 do use for _, combination in ipairs(authcombinations) do Please add an @output section as described at http://nmap.org/book/nse-documentation.html#nse-documentation-script Since you must have a server to test this against now is a good opportunity to record this script's output. Can you give examples of applications that use test:test by default for authentication? I want to be sure there's evidence for it before adding it to the script. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Fix and addon to http-auth.nse Vlatko Kosturjak (Nov 06)
- Re: Fix and addon to http-auth.nse David Fifield (Nov 06)
- Re: Fix and addon to http-auth.nse Vlatko Kosturjak (Nov 06)
- Re: Fix and addon to http-auth.nse David Fifield (Nov 07)
- Re: Fix and addon to http-auth.nse Vlatko Kosturjak (Nov 06)
- Re: Fix and addon to http-auth.nse David Fifield (Nov 06)