[Openvas-discuss] False Positive - NVT: HTTP Brute Force Logins with default Credentials

Michael Meyer michael.meyer at greenbone.net
Sat Jan 7 10:16:08 CET 2012


*** Reindl Harald <h.reindl at thelounge.net> wrote:
 
> NVT: HTTP Brute Force Logins with default Credentials (OID: 1.3.6.1.4.1.25623.1.0.103240)
> It was possible to login into the remote Web Application using default credentials.
>
> /testcms/show_content.php

Are these pages on a public webserver which I can access? If yes,
please send me more information (maybe in a private mail) and I will
have a look what's going on.

Or you can edit "default_http_auth_credentials.nasl":

Comment out the line 'if(! url = get_kb_item(string("www/", port, "/content/auth_required")))exit(0);'
and add 'url = "/testcms/show_content.php";'

Add "display(resp,"\n\n");" after each "resp = http_keepalive_send_recv(port:port, data:req);".

Then call this NVT with openvas-nasl:

openvas-nasl -X -t <host> /path/to/default_http_auth_credentials.nasl

Then you should see what happened.

Micha

-- 
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
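
The edits described in this mail, applied to a copy of the NVT by a small shell helper. This is an added example, not part of the original message or of the OpenVAS project; `patch_nvt`, `make_sample` and the copy path are hypothetical names, and the NASL fragment is constructed for a dry run.

```shell
#!/bin/sh
# Added example, not part of the original mail. The helper names and the
# working-copy path are assumptions; only the edited lines come from the mail.

# patch_nvt SRC DST URL: write DST as a debugging copy of SRC with
#   1. the auth_required KB lookup commented out and url fixed to URL,
#   2. display(resp,"\n\n"); added after every http_keepalive_send_recv call.
patch_nvt() {
    awk -v url="$3" '
        index($0, "get_kb_item(string(\"www/\", port, \"/content/auth_required\"))") {
            print "# " $0                 # NASL comments start with "#"
            print "url = \"" url "\";"
            patched = 1
            next
        }
        { print }
        index($0, "resp = http_keepalive_send_recv(port:port, data:req);") {
            indent = $0
            sub(/[^ \t].*$/, "", indent)  # keep only the leading whitespace
            print indent "display(resp,\"\\n\\n\");"
            dumps++
        }
        END {
            # Exit non-zero if the script does not look like the mail describes.
            if (!patched || !dumps) exit 1
        }
    ' "$1" > "$2"
}

# make_sample PATH: constructed NASL fragment (not the real NVT) for a dry run.
make_sample() {
    cat > "$1" <<'EOF'
if(! url = get_kb_item(string("www/", port, "/content/auth_required")))exit(0);
foreach credential (credentials) {
  req = string("GET ", url, " HTTP/1.1\r\n");
  resp = http_keepalive_send_recv(port:port, data:req);
  if(resp =~ "HTTP/1.. 200") break;
}
EOF
}

# Usage, with the command from the mail pointed at the patched copy:
#   patch_nvt /path/to/default_http_auth_credentials.nasl /path/to/debug_copy.nasl /testcms/show_content.php
#   openvas-nasl -X -t <host> /path/to/debug_copy.nasl
```

Working on a copy leaves the installed NVT untouched, so later scans still run the unmodified check.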


