Nmap Development mailing list archives
Re: Nmap Erros on URI using NSE
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 9 Aug 2014 14:36:25 -0500
On Sat, Aug 9, 2014 at 5:22 AM, Shritam Bhowmick <shritam.bhowmick () gmail com> wrote:
> nmap pentesteracademylab.appspot.com --script=http-form-brute --script-args 'http-form-brute.path=/lab/webapp/1, http-form-brute.hostname= pentesteracademylab.appspot.com, passdb=/root/Desktop/pentesteracademy/challenge1/password.txt, userdb=/root/Desktop/pentesteracademy/challenge1/users.txt, http-form-brute.passvar=password, http-form-brute.uservar=email' -vvv
>
> Here is the GET request:
> http://pentesteracademylab.appspot.com/lab/webapp/1?email=&password=
>
> Error Logs:
> 80/tcp open http
> | http-form-brute:
> |_ ERROR: Failed to retrieve path (/lab/webapp/1) from server
> 443/tcp open https
> | http-form-brute:
> |_ ERROR: Failed to retrieve path (/lab/webapp/1) from server
Shritam,

The site you are testing only accepts GET requests to that URI. The http-form-brute script only sends authentication in POST requests, because that is the most common case. You can change the script to send GET requests instead by applying the following patch:

Index: scripts/http-form-brute.nse =================================================================== --- scripts/http-form-brute.nse (revision 33448) +++ scripts/http-form-brute.nse (working copy) @@ -155,7 +155,7 @@ end, postRequest = function( host, port, path, options ) - local response = http.post( host, port, path, { no_cache = true }, nil, options ) + local response = http.get( host, port, path, { no_cache = true }, nil, options ) local status = ( response and tonumber(response.status) ) or 0 if ( status > 300 and status < 400 ) then local new_path = url.absolute(path, response.header.location)

If this were a real web application instead of a learning lab, I would report this as a finding: sending authentication credentials in a GET request is not recommended because the request may be cached or logged, leaking the credentials.

Dan
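Review bot: on the `+` line, `http.get` is called with the argument list carried over from `http.post` (`{ no_cache = true }, nil, options`), but `http.get` takes only (host, port, path, options), so the form fields passed as the last argument are dropped and never reach the server. The fields need to be encoded into the query string of `path` before the call. The swap is also unconditional inside a function still named `postRequest`, so forms that require POST stop working; a script argument selecting the method would keep both cases and the name could then be made neutral.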
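The logging risk described in the message above, as an added example that is not part of the original post or of Nmap: a Python check that scans access-log lines for credentials carried in the query string and redacts them. The log lines, the sensitive-name list and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Parameter names treated as credentials (assumed list; extend per application).
SENSITIVE = {"password", "passwd", "pass", "pwd", "token", "secret"}

# Request field of a Common/Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def find_leaks(line):
    """Return sensitive parameter names with non-empty values in one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    return [k for k, v in parse_qsl(query, keep_blank_values=True)
            if k.lower() in SENSITIVE and v]

def redact(line):
    """Return the log line with sensitive query values replaced by REDACTED."""
    def _sub(m):
        parts = urlsplit(m.group("target"))
        pairs = [(k, "REDACTED" if k.lower() in SENSITIVE and v else v)
                 for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        target = parts._replace(query=urlencode(pairs)).geturl()
        return f'"{m.group("method")} {target} {m.group("proto")}"'
    return REQUEST_RE.sub(_sub, line)

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Aug/2014:14:36:25 -0500] '
    '"GET /lab/webapp/1?email=a%40example.com&password=hunter2 HTTP/1.1" 200 512',
    # The same login sent as POST: the body is not written to the access log.
    '203.0.113.5 - - [09/Aug/2014:14:36:26 -0500] "POST /lab/webapp/1 HTTP/1.1" 200 512',
    # Empty form fetch: parameter names present, no values to leak.
    '203.0.113.5 - - [09/Aug/2014:14:36:27 -0500] '
    '"GET /lab/webapp/1?email=&password= HTTP/1.1" 200 498',
]

def scan(lines):
    """Return (line_number, leaked_names) for each line exposing a credential."""
    return [(n, names) for n, line in enumerate(lines, 1)
            if (names := find_leaks(line))]

if __name__ == "__main__":
    for n, names in scan(SAMPLE_LOG):
        print(n, names, redact(SAMPLE_LOG[n - 1]))
```

Only the GET login is flagged; the POST request to the same path leaves nothing sensitive in the request line.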