Script http-put

Script types: portrule
Categories: discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/http-put.nse

Script Summary

Uploads a local file to a remote web server using the HTTP PUT method. You must specify the filename and URL path with NSE arguments.

Script Arguments

http-put.file

- The full path to the local file that should be uploaded to the server

http-put.url

- The remote directory and filename to store the file to e.g. (/uploads/file.txt)

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p 80 <ip> --script http-put --script-args http-put.url='/uploads/rootme.php',http-put.file='/tmp/rootme.php'

Script Output

PORT     STATE SERVICE
PORT   STATE SERVICE
80/tcp open  http
|_http-put: /uploads/rootme.php was successfully created

Requires

• http
• io
• shortport
• stdnse

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html