Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File http-default-accounts

Script types: portrule
Categories: discovery, auth, intrusive
Download: http://nmap.org/svn/scripts/http-default-accounts.nse

User Summary

Tests for access with default credentials used by a variety of web applications and devices.

It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found. This script depends on a fingerprint file containing the target's information: name, category, location paths, default credentials and login routine.

You may select a category if you wish to reduce the number of requests. We have categories like:

  • web - Web applications
  • routers - Routers
  • voip - VOIP devices
  • security

Please help improve this script by adding new entries to nselib/data/http-default-accounts.lua

Remember each fingerprint must have:

  • name - Descriptive name
  • category - Category
  • login_combos - Table of login combinations
  • paths - Paths table containing the possible location of the target
  • login_check - Login function of the target

In addition, a fingerprint may have:

  • target_check - Target validation function. If defined, it will be
called to validate the target before attempting any logins.

Default fingerprint file: /nselib/data/http-default-accounts-fingerprints.lua This script was based on http-enum.

Script Arguments

http-default-accounts.category

Selects a category of fingerprints to use.

Other useful arguments relevant to this script: http.pipeline Sets max number of petitions in the same request. http.useragent User agent for HTTP requests

Revision History 2013-08-13 nnposter * added support for target_check() 2014-04-27 * changed category from safe to intrusive

http-default-accounts.fingerprintfile

Fingerprint filename. Default:http-default-accounts-fingerprints.lua

http-default-accounts.basepath

Base path to append to requests. Default: "/"

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p80 --script http-default-accounts host/ip

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
|_http-default-accounts: [Cacti] credentials found -> admin:admin Path:/cacti/
Final times for host: srtt: 94615 rttvar: 71012  to: 378663

Requires


Author: Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host, port)

MAIN Here we iterate through the paths to try to find a target. When a target is found the login routine is initialized to check for default credentials authentication

Parameters

  • host:
  • port:

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]