File http-vmware-path-vuln
Script types:
portrule
Categories:
vuln, safe
Download: http://nmap.org/svn/scripts/http-vmware-path-vuln.nse
User Summary
Checks for a path-traversal vulnerability in VMWare ESX, ESXi, and Server (CVE-2009-3733).
The vulnerability was originally released by Justin Morehouse and Tony Flick, who presented at Shmoocon 2010 (http://fyrmassociates.com/tools.html).
Script Arguments
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap --script http-vmware-path-vuln -p80,443,8222,8333 <host>
Script Output
| http-vmware-path-vuln: | VMWare path traversal (CVE-2009-3733): VULNERABLE | /vmware/Windows 2003/Windows 2003.vmx | /vmware/Pentest/Pentest - Linux/Linux Pentest Bravo.vmx | /vmware/Pentest/Pentest - Windows/Windows 2003.vmx | /mnt/vmware/vmware/FreeBSD 7.2/FreeBSD 7.2.vmx | /mnt/vmware/vmware/FreeBSD 8.0/FreeBSD 8.0.vmx | /mnt/vmware/vmware/FreeBSD 8.0 64-bit/FreeBSD 8.0 64-bit.vmx |_ /mnt/vmware/vmware/Slackware 13 32-bit/Slackware 13 32-bit.vmx
Requires
Author: Ron Bowes
License: Same as Nmap--See http://nmap.org/book/man-legal.html