Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File http-config-backup

Script types: portrule
Categories: auth, intrusive
Download: http://nmap.org/svn/scripts/http-config-backup.nse

User Summary

Checks for backups and swap files of common content management system and web server configuration files.

When web server files are edited in place, the text editor can leave backup or swap files in a place where the web server can serve them. The script checks for these files:

  • wp-config.php: WordPress
  • config.php: phpBB, ExpressionEngine
  • configuration.php: Joomla
  • LocalSettings.php: MediaWiki
  • /mediawiki/LocalSettings.php: MediaWiki
  • mt-config.cgi: Movable Type
  • mt-static/mt-config.cgi: Movable Type
  • settings.php: Drupal
  • .htaccess: Apache

And for each of these file applies the following transformations (using config.php as an example):

  • config.bak: Generic backup.
  • config.php.bak: Generic backup.
  • config.php~: Vim, Gedit.
  • #config.php#: Emacs.
  • config copy.php: Mac OS copy.
  • Copy of config.php: Windows copy.
  • config.php.save: GNU Nano.
  • .config.php.swp: Vim swap.
  • config.php.swp: Vim swap.
  • config.php.old: Generic backup.

This script is inspired by the CMSploit program by Feross Aboukhadijeh: http://www.feross.org/cmsploit/.

Script Arguments

http-config-backup.save

directory to save all the valid config files found

http-config-backup.path

the path where the CMS is installed

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script=http-config-backup <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-config-backup:
|   /%23wp-config.php%23 HTTP/1.1 200 OK
|_  /config.php~ HTTP/1.1 200 OK

Requires


Author: Riccardo Cecolin

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]