Nmap Development mailing list archives
Re: http-iis-short-name-brute.nse BUG?
From: "Dev (nmap)" <dev.kyckel () gmail com>
Date: Wed, 26 Sep 2012 09:38:25 +0200
On 2012-09-26 02:33, Patrik Karlsson wrote:
> On Wed, Sep 26, 2012 at 12:38 AM, Dev (nmap) <dev.kyckel () gmail com> wrote:
>
>> Hi Richard,
>>
>> Thanks for testing the script.
>>
>> In regards to your first question, the script only finds the short name of the files, this means the first 6 letters in the file/folder name and the last 3 letters of the extension. This means that in the case of, say, 'test~1.asp', the full file name is known, since only 4 letters have been found, and it seems that the extension also has been found since '.asp' is a valid extension. But since only 3 letters of the extension can be found, the real extension might be (and in this case, it is) '.aspx'. If you'd like to know more about the inner workings, the original POC author has written a more in-depth description of the method: http://code.google.com/p/iis-shortname-scanner-poc/ in the research file.
>>
>> The script requires that the service is identified as a 'http' service, so you could try to add the '-sV' option to your command.
>>
>> Hope this helps.
>>
>> Regards,
>> Jesper
>
> You could also force script execution by prefixing the script with a plus (+) which would execute it against any open port. Compared to -sV it's a little faster as Nmap doesn't do any version or application detection.
>
> //Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77

Thanks for the tip! I didn't know that.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
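
An added example, not part of the original thread or of the Nmap script: a Python sketch that applies the truncation rule described in the quoted message (6 letters of the name, 3 of the extension) to match a reported short name against a server's own file inventory. The function names and the inventory are hypothetical, and the code follows the message's reasoning that a part shorter than the limit is complete.

```python
import re

# Shape described in the thread: up to 6 name characters, "~", a digit,
# then optionally "." and up to 3 extension characters.
SHORT_NAME = re.compile(r"^([^~./\\]{1,6})~(\d)(?:\.([^~./\\]{1,3}))?$")


def parse_short_name(short):
    """Split a reported short name and flag the parts that may be cut off."""
    m = SHORT_NAME.match(short)
    if m is None:
        raise ValueError(f"not in name~N.ext form: {short!r}")
    prefix, ext = m.group(1).lower(), (m.group(3) or "").lower()
    return {
        "prefix": prefix,
        "ext": ext,
        # Exactly 6 letters: the real name may continue past what was found.
        "name_may_be_truncated": len(prefix) == 6,
        # Exactly 3 letters: the real extension may be longer (asp -> aspx).
        "ext_may_be_truncated": len(ext) == 3,
    }


def matches(long_name, short):
    """True if long_name is consistent with the reported short name."""
    info = parse_short_name(short)
    base, sep, ext = long_name.lower().rpartition(".")
    if not sep:  # no dot: the whole string is the name, no extension
        base, ext = ext, ""
    if info["name_may_be_truncated"]:
        name_ok = base.startswith(info["prefix"])
    else:
        name_ok = base == info["prefix"]
    if info["ext_may_be_truncated"]:
        ext_ok = ext.startswith(info["ext"])
    else:
        ext_ok = ext == info["ext"]
    return name_ok and ext_ok


def candidates(short, inventory):
    """Files from the inventory that a reported short name could refer to."""
    return [name for name in inventory if matches(name, short)]


# Constructed sample inventory of a web root (not from the thread).
INVENTORY = ["test.aspx", "testing.aspx", "default.aspx", "web.config"]
```
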