Nmap Development mailing list archives
Re: Fix and addon to http-auth.nse
From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Nov 2008 19:55:13 -0700
On Thu, Nov 06, 2008 at 11:52:48AM +0100, Vlatko Kosturjak wrote:
Found out bug in http-auth.nse. It seems that script checked against "YWRtaW46YWRtaW4" base64 encoded string and not "YWRtaW46YWRtaW4=" which is correctly encoded base64 string of "admin:admin". So, the check did not work actually.
Thanks for the contribution! Good job noticing the bug. I'd like to
apply your http-auth.nse-better.diff, but first I'd like you to make a
few changes.
You can rewrite the authentication-testing loop in a more idiomatic
style. Instead of
for i = 1, #authcombinations, 1 do
use
for _, combination in ipairs(authcombinations) do
Please add an @output section as described at
http://nmap.org/book/nse-documentation.html#nse-documentation-script
Since you must have a server to test this against now is a good
opportunity to record this script's output.
Can you give examples of applications that use test:test by default for
authentication? I want to be sure there's evidence for it before adding
it to the script.
David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Current thread:
- Fix and addon to http-auth.nse Vlatko Kosturjak (Nov 06)
- Re: Fix and addon to http-auth.nse David Fifield (Nov 06)
- Re: Fix and addon to http-auth.nse Vlatko Kosturjak (Nov 06)
- Re: Fix and addon to http-auth.nse David Fifield (Nov 07)
- Re: Fix and addon to http-auth.nse Vlatko Kosturjak (Nov 06)
- Re: Fix and addon to http-auth.nse David Fifield (Nov 06)