Server IP : 172.16.15.8 / Your IP : 18.191.9.9 Web Server : Apache System : Linux zeus.vwu.edu 4.18.0-553.27.1.el8_10.x86_64 #1 SMP Wed Nov 6 14:29:02 UTC 2024 x86_64 User : apache ( 48) PHP Version : 7.2.24 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON Directory (0755) : /usr/share/nmap/scripts/ |
[ Home ] | [ C0mmand ] | [ Upload File ] |
---|
local ajp = require "ajp" local http = require "http" local shortport = require "shortport" local stdnse = require "stdnse" local table = require "table" description = [[ Retrieves the authentication scheme and realm of an AJP service (Apache JServ Protocol) that requires authentication. ]] --- -- @usage -- nmap -p 8009 <ip> --script ajp-auth [--script-args ajp-auth.path=/login] -- -- @output -- PORT STATE SERVICE -- 8009/tcp open ajp13 -- | ajp-auth: -- |_ Digest opaque=GPui3SvCGBoHrRMMzSsgaYBV qop=auth nonce=1336063830612:935b5b389696b0f67b9193e19f47e037 realm=example.org -- -- @args ajp-auth.path Define the request path -- author = "Patrik Karlsson" license = "Same as Nmap--See https://nmap.org/book/man-legal.html" categories = {"default", "auth", "safe"} portrule = shortport.port_or_service(8009, 'ajp13', 'tcp') local arg_path = stdnse.get_script_args(SCRIPT_NAME .. ".path") action = function(host, port) local helper = ajp.Helper:new(host, port) if ( not(helper:connect()) ) then return stdnse.format_output(false, "Failed to connect to AJP server") end local status, answer = helper:get(arg_path or "/") --- check for 401 response code if ( not(status) or answer.status ~= 401 ) then return end local result = { name = answer.status_line:match("^(.*)\r?\n$") } local www_authenticate = answer.headers["www-authenticate"] if not www_authenticate then table.insert( result, ("Server returned status %d but no WWW-Authenticate header."):format(answer.status) ) return stdnse.format_output(true, result) end local challenges = http.parse_www_authenticate(www_authenticate) if ( not(challenges) ) then table.insert( result, ("Server returned status %d but the WWW-Authenticate header could not be parsed."):format(answer.status) ) table.insert( result, ("WWW-Authenticate: %s"):format(www_authenticate) ) return stdnse.format_output(true, result) end for _, challenge in ipairs(challenges) do local line = challenge.scheme if ( challenge.params ) then for name, value in pairs(challenge.params) do line = line .. (" %s=%s"):format(name, value) end end table.insert(result, line) end return stdnse.format_output(true, result) end