Nmap Development mailing list archives
Re: HTTP fingerprint NSE?
From: stripes <stripes () tigerlair com>
Date: Wed, 16 May 2012 19:18:47 -0400
On Mon, May 14, 2012 at 08:38:55PM -0700, David Fifield wrote:

> You should start with the section labeled
>
>     ------------------------------------------------
>     ---- ATTACKS ----
>     ------------------------------------------------
>     -- These will search for and possibly exploit vulnerabilities.
>
> Some of these, I'm sure, already have scripts. For example, this one is http-vmware-path-vuln.nse

For the ones that already have scripts, should they be left in the http-fingerprints.lua or should they be cleaned up as the NSEs are written?

> I think what we want are concrete scripts for things like this:
>
>     table.insert(fingerprints, {
>       category='attacks',
>       probes={
>         {path='/downloadFile.php', method='GET'},
>         {path='/BackupConfig.php', method='GET'}
>       },
>       matches={
>         {output='NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure'}
>       }
>     })

Ok, cool.. that gives me a start :)

> I don't know what this is offhand, but you can probably find out more with a web search. Unfortunately, most of the attack entries in the database, including this one, look like they'll be hard to test without access to vulnerable hardware or software. But if, for example, you can find out enough about this vulnerability that you can write a script that gets the root password from one of these files, then we can ask on the mailing list if anyone has hardware to test it on.
Ok, thanks. I'll see what I can get started on.

-Anne

--
If you don't know there's a trampoline in the room, you're not going to dust the ceiling for fingerprints. -Law & Order:SVU
stripes at tigerlair dot com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
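One way to turn the quoted fingerprint entry into the kind of concrete script David asks for, as an added example that is not code from this thread or from Nmap itself: it only reports whether the two probe paths answer without authentication, using the standard NSE http, shortport and vulns libraries, and retrieves nothing from them. The script name and author string are placeholders.

```lua
-- netgear-wndap350-exposure.nse (placeholder name, added example)
local http      = require "http"
local shortport = require "shortport"
local vulns     = require "vulns"

description = [[
Checks whether a web server exposes the two paths listed in the
http-fingerprints.lua 'attacks' entry for the NETGEAR WNDAP350
(/downloadFile.php and /BackupConfig.php). Only reachability is tested;
the response bodies are neither saved nor parsed.
]]

author = "example author (placeholder)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"vuln", "safe"}

portrule = shortport.http

-- The probe paths are taken verbatim from the fingerprint entry.
local PROBES = { "/downloadFile.php", "/BackupConfig.php" }

action = function(host, port)
  local vuln = {
    title = "NETGEAR WNDAP350 2.0.1 to 2.0.9 potential file download and SSH root password disclosure",
    state = vulns.STATE.NOT_VULN,
    description = [[
The http-fingerprints.lua database flags these paths as a potential file
download and SSH root password disclosure on affected firmware. Mitigation:
update the firmware and keep the management interface off untrusted networks.]],
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  local reachable = {}
  for _, path in ipairs(PROBES) do
    local resp = http.get(host, port, path)
    -- Only an unambiguous 200 counts as exposed; a redirect to a login
    -- page, 401/403 or 404 all mean the path is not openly reachable.
    if resp and resp.status == 200 then
      reachable[#reachable + 1] = path
    end
  end

  if #reachable == #PROBES then
    -- A 200 alone does not prove the files are the sensitive ones, so the
    -- script reports LIKELY_VULN rather than VULN.
    vuln.state = vulns.STATE.LIKELY_VULN
    vuln.extra_info = "Reachable without authentication: " .. table.concat(reachable, ", ")
  end
  return report:make_output(vuln)
end
```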