Nmap Development mailing list archives
Re: http-form-brute: uservar bug
From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 11 May 2011 15:07:43 +0200
On 2011-05-11 at 14.09, Daniel Miller <bonsaiviking () gmail com> wrote:
I got a chance to look at this, and the problem is that the script retrieves the argument, then checks if uservar OR passvar are not set. If either is not set, it looks through the page to try to guess the right fields. If it can't guess, then it sets them BOTH to nil. Here's a patch that checks if either is set separately and guesses only for the unset field:
Thanks, Josh, for finding and reporting this, and thank you, Daniel, for taking the time to fix it. I've committed the patch with a tiny addition of declaring the _ local. It should be in as r23139.
Index: http-form-brute.nse =================================================================== --- http-form-brute.nse (revision 23138) +++ http-form-brute.nse (working copy) @@ -134,8 +134,12 @@ local path = nmap.registry.args['http-form-brute.path'] or "/" local status, result, engine - if ( not(uservar) or not(passvar) ) then + if ( not(uservar) and not(passvar) ) then uservar, passvar = detectFormFields( host, port, path ) + elseif ( not(uservar) ) then + uservar, _ = detectFormFields( host, port, path ) + elseif ( not(passvar) ) then + _, passvar = detectFormFields( host, port, path ) end if ( not( uservar ) ) then return " \n ERROR: No uservar was specified (see http-form-brute.uservar)" Dan On Tue, May 10, 2011 at 9:49 PM, Josh Greenwood <joshgreenwood () gmail com>wrote:If I'm reading the documentation correctly, the following scan should work: ./nmap --script http-form-brute --script-args http-form-brute.uservar=username 192.168.0.1 Yet I get the following error: PORT STATE SERVICE 80/tcp open http | http-form-brute: |_ ERROR: No uservar was specified (see http-form-brute.uservar) Am I providing the uservar value incorrectly, or is this a bug? I'm using nmap 5.51SVN, revision 23136. Please let me know if I can provide additional information. Thanks, Josh _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
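Review bot: In the two added elseif branches, `_` is assigned without any `local` declaration visible in the hunk, so in Lua it is written as a global variable and can collide with other code that uses the same throwaway name. The three branches also repeat the same detectFormFields( host, port, path ) call with identical arguments. A single guarded call into locals would cover all three cases and remove the placeholder: `local u, p = detectFormFields( host, port, path )`, then `uservar = uservar or u` and `passvar = passvar or p`, executed only when at least one of the two is unset so that a user-supplied value is never overwritten by a guess.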
-- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
Current thread:
- http-form-brute: uservar bug Josh Greenwood (May 10)
- Re: http-form-brute: uservar bug Daniel Miller (May 11)
- Re: http-form-brute: uservar bug Patrik Karlsson (May 11)
- Re: http-form-brute: uservar bug Daniel Miller (May 11)