403Webshell
Server IP : 101.53.144.229  /  Your IP : 216.73.216.181
Web Server : Apache
System : Linux host.gdigitalindia.in 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64
User : digitalshiksha ( 1179)
PHP Version : 5.6.40
Disable Function : eval,show_source,system,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open,ini_alter,dl,show_source,curl_multi_exechellcmd, ini_restore,apache_get_modules,get_cfg_var,passthru, exec ,proc_get_status,fpassthru,c999_buff_prepare,c999_sess_put,c99_buff_prepare,c99_sess_put,proc_close,ini_alter,dl,symlink,link,proc_close,ini_alter,dl,symlink,link,mail
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/share/nmap/scripts/netbus-auth-bypass.nse
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"

description = [[
Checks if a NetBus server is vulnerable to an authentication bypass
vulnerability which allows full access without knowing the password.

For example a server running on TCP port 12345 on localhost with
this vulnerability is accessible to anyone. An attacker could
simply form a connection to the server ( ncat -C 127.0.0.1 12345 )
and login to the service by typing Password;1; into the console.
]]

---
-- @usage
-- nmap -p 12345 --script netbus-auth-bypass <target>
--
-- @output
-- 12345/tcp open  netbus
-- |_netbus-auth-bypass: Vulnerable

author = "Toni Ruottu"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "safe", "vuln"}


dependencies = {"netbus-version", "netbus-brute", "netbus-info"}

portrule = shortport.port_or_service (12345, "netbus", {"tcp"})

action = function( host, port )

	local socket = nmap.new_socket()
	local status, err = socket:connect(host.ip, port.number)
	if not status then
		return
	end
	local buffer, _ = stdnse.make_buffer(socket, "\r")
	buffer() --discard banner

	-- The first argument of Password is the super-login bit.
	-- On vulnerable servers any password will do as long as
	-- we send the super-login bit. Regular NetBus has only
	-- one password. Thus, if we can login with two different
	-- passwords using super-login, the server is vulnerable.

	socket:send("Password;1;\r") --password: empty
	if buffer() ~= "Access;1" then
		return
	end
	socket:send("Password;1; \r") --password: space
	if buffer() == "Access;1" then
		return "Vulnerable"
	end
	return "Not vulnerable, but password is empty"
end

Youez - 2016 - github.com/yon3zu
LinuXploit