Nmap Development mailing list archives

Re: [NSE Script] HTTP probe for /etc/passwd
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sun, 22 Jul 2007 07:05:30 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 21 Jul 2007 22:36:55 -0700 plus or minus some time Fyodor
<fyodor () insecure org> wrote:

> Well it should still run as long as version detection is used.  And I
> would in general strongly recommend version detection be used whenever
> -sC is.  The -A option includes both.


Hmm... Maybe I'm missing something.  What I was suggesting is take for
example this HTTP server running on port 631.  It returns a service
fingerprint whose first probe is:

(GetRequest,50,"HTTP/1\.1\x20500\x20Internal\x20Error\r\nServer:\x20Virata-EmWeb/R6_2_1\r\n\r\n500\x20Internal\x20Error\r\n")

In the port-state table Nmap lists the 631 as:

631/tcp   open     ipp?

This service is an HTTP server but the 'service' name is 'ipp?'.  Are you
saying that with -sV this script would run?  If it does I must be missing
something; it wouldn't be the first time.  If it doesn't, it illustrates why
it might be nice to run Kris's directory traversal script against this
HTTP server to check to see if the programmers of yet-another-http-server
have made a stupid blunder like so many have before them.

Brandon


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGowG6qaGPzAsl94IRAlyVAJ9k+ankcFCeltHPofJ9XLfN+T5VbACeKB5v
xf53ykjY/Snu8O2plcwA8n4=
=+o/g
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
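The mismatch Brandon points at (the port-state table says `ipp?`, the probe response is plainly HTTP) can be checked mechanically from the service-fingerprint line itself. The following is an added example, not code from this thread or from Nmap: it decodes one probe response in Nmap's fingerprint encoding (`\xHH` escapes, `\r`/`\n`/`\t`, and backslash-quoted literals such as `\.`), verifies the decoded length against the length field (assumed here to be hexadecimal, which the quoted `50` = 80 bytes bears out), and reports whether the response is HTTP regardless of the service label Nmap assigned. The sample input is the `GetRequest` response quoted in the message, embedded as a constructed string; the `classify` function and its field names are this example's own.

```python
import re

# Constructed sample input: the GetRequest probe response from the message,
# exactly as Nmap prints it inside a service fingerprint.
SAMPLE_PROBE = (
    r'(GetRequest,50,"HTTP/1\.1\x20500\x20Internal\x20Error\r\n'
    r'Server:\x20Virata-EmWeb/R6_2_1\r\n\r\n500\x20Internal\x20Error\r\n")'
)

# (ProbeName,<hex length>,"<escaped bytes>")
_PROBE_RE = re.compile(r'\((?P<name>\w+),(?P<len>[0-9A-Fa-f]+),"(?P<data>.*)"\)', re.S)
# One escape: \xHH, or a backslash followed by any single character.
_ESC_RE = re.compile(r'\\(x[0-9A-Fa-f]{2}|.)', re.S)


def decode_fp_bytes(encoded: str) -> bytes:
    """Undo Nmap fingerprint escaping and return the raw response bytes."""
    simple = {'r': b'\r', 'n': b'\n', 't': b'\t'}
    out = bytearray()
    pos = 0
    for m in _ESC_RE.finditer(encoded):
        out += encoded[pos:m.start()].encode('latin-1')
        esc = m.group(1)
        if esc.startswith('x'):
            out.append(int(esc[1:], 16))          # \x20 -> space, etc.
        else:
            out += simple.get(esc, esc.encode('latin-1'))  # \. -> '.', \\ -> '\'
        pos = m.end()
    out += encoded[pos:].encode('latin-1')
    return bytes(out)


def parse_probe_response(fp: str) -> dict:
    """Split one probe response into its name and decoded bytes, checking length."""
    m = _PROBE_RE.fullmatch(fp.strip())
    if not m:
        raise ValueError("not a service-fingerprint probe response")
    data = decode_fp_bytes(m.group('data'))
    declared = int(m.group('len'), 16)   # assumption: length field is hex
    if len(data) != declared:
        raise ValueError(f"length mismatch: declared {declared}, decoded {len(data)}")
    return {"probe": m.group('name'), "data": data}


def looks_like_http(data: bytes) -> bool:
    """True if the response opens with an HTTP/1.x status line."""
    return re.match(rb'HTTP/1\.[01] \d{3} ', data) is not None


def server_header(data: bytes):
    """Return the Server header value from an HTTP response, or None."""
    head = data.split(b'\r\n\r\n', 1)[0]
    for line in head.split(b'\r\n')[1:]:
        name, sep, value = line.partition(b':')
        if sep and name.strip().lower() == b'server':
            return value.strip().decode('latin-1')
    return None


def classify(fp: str, nmap_service: str) -> dict:
    """Compare what the bytes say with the service name Nmap printed."""
    r = parse_probe_response(fp)
    http = looks_like_http(r["data"])
    return {
        "probe": r["probe"],
        "nmap_service": nmap_service,
        "is_http": http,
        "server": server_header(r["data"]) if http else None,
        # The case in the thread: label 'ipp?' but the response is HTTP.
        "label_disagrees": http and not nmap_service.rstrip('?').startswith('http'),
    }


if __name__ == "__main__":
    print(classify(SAMPLE_PROBE, "ipp?"))
```

A port-rule that keys only on the service name would skip this port; a check like `classify` shows why a rule that also looks at the version-detection result would catch it.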

