Home page logo
/

nmap-dev logo Nmap Development mailing list archives

hexify() problem in http-passwd.nse
From: Joao Correa <joao () livewire com br>
Date: Sun, 31 May 2009 16:47:31 -0300

Kris, thanks for you answer and for the reference.

My doubt is if, with the http-passwd.nse script, you are trying to
retrieve the passwd file directly, or if it is used to retrieve the
file as a parameter for the web application, just like descripted in
[1].

Considering the source code I can only think about the first option,
but in this case we fall on the problem descripted on my first e-mail
(I´ve tried to reproduce the scenario here, but the hexed chars were
not decoded by the Apache, leading to failure). As mentioned before,
when I have removed the hexify function and sent the dir function
without special encoding, it worked fine. I don´t think it is the
expected behavior.

Since the script dates from 2007 and the mentioned RFC dates from
2005, I don´t believe that it is a problem of lost compatibility due
to Apache getting fit to the RFC.

Have you used the script recently? Which web servers have you tried to exploit?

Thanks a lot,
João Correa

[1] - http://en.wikipedia.org/wiki/Directory_traversal

On Sat, May 30, 2009 at 3:04 PM, Kris Katterjohn <katterjohn () gmail com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Joao Correa wrote:
Anyway, I'm still in doubt about in which cases the script should be
correctly used.


I'm not really sure what you mean here, but maybe reading the original thread
will help.  This was one of my very first scripts, and you'll see why I thank
Brandon in the comments :)

http://seclists.org/nmap-dev/2007/q3/index.html#102

Thanks,
João


Cheers,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJKIXU0AAoJEEQxgFs5kUfu8qEP/1aUXvy1hZZQoZgtOCwAskJ1
/reSkRpOP0y36/WfC0z0waIYxJrFqCVuKgAaHb2yc+6rxFbdvqdXu+wPl9xvXjA6
TlqHiGSuXIBLIrb9XCBZRYURd7C00k9fkW+FAJ/StYbv0fnbqEI9EoFlQmNAaTSa
Qw/+g4hX26/Fo4Lvu2ySmcxi2CRTOvKD9r0HMqMRzYLjw5zOy0k9kHxMzBZXXPnr
O8ACQsbxuwA4LP5iVGEtvai+WD6AcQxGs4hPboWhRL2HTQJHikcHxSl7/U6iv2bz
SBQidsxj3QPtqC+47+iyqAw1JcTl82w/ldfeiqM3MXPUCRjB6B1qhTStHS0Hmyci
MKiuQeM2rDVJzquCPY2ZpT2OS2Kqhn5ezyuhfK9k4/jWHvn2/WmTEdkqf7vy6AiG
/K0ARvx+MwiqkXg7mtSbSvi3+1V/k6Nf/33GfRzkCmmekM+1Nr4GXuOT9/K7hsko
aHxBbkSSZN794RAjOc/eIE8scgX5z2MIOwGbjIa2jt2g/sSJUUG4do4ZDzh86Gxh
NbhUIeYnxPLZLhvG8oTDCmHeFbSiaxMSz7UExtDax0iAIjBY5/G58yXJ9XD39AvT
7WqA/2Eu4pysp1pPJrGvGHRZ5PIy/Kq1YJcB/dMfMIawHkSkaLi1coRIuZTSS6r3
kyY0zFPh/gDDPhT2Qknf
=DtVO
-----END PGP SIGNATURE-----


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault