Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File http-passwd

Download: http://nmap.org/svn/scripts/http-passwd.nse

User Summary

Checks if a web server is vulnerable to directory traversal by attempting to retrieve /etc/passwd using various traversal methods such as requesting ../../../../etc/passwd.

Script Arguments

http-max-cache-size, http.useragent, pipeline

See the documentation for the http library.

Requires


categories intrusive vuln

author Kris Katterjohn

copyright © Same as Nmap--See http://nmap.org/book/man-legal.html

Functions

hexify (str)

Transforms a string with ".", "/" and "\" converted to their URL-formatted hex equivalents

output (passwd, dir)

Formats output.

truncatePasswd (passwd)

Truncates the passwd file.

validate (response)

Validates the HTTP response code and checks for a valid passwd format in the body.



Functions

hexify (str)

Transforms a string with ".", "/" and "\" converted to their URL-formatted hex equivalents

Parameters

  • str: String to hexify.

Return value:

Transformed string.
output (passwd, dir)

Formats output.

Parameters

  • passwd: passwd file.
  • dir: Formatted request which elicited the good reponse.

Return value:

String description for output
truncatePasswd (passwd)

Truncates the passwd file.

Parameters

  • passwd: passwd file.

Return value:

Truncated passwd file and truncated length.
validate (response)

Validates the HTTP response code and checks for a valid passwd format in the body.

Parameters

  • response: The HTTP response from the server.

Return value:

The body of the HTTP response.

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]