mylesagray / blog-comments

Comments for Blah, Cloud. Hugo blog

Scanning for network vulnerabilities using nmap | Blah, Cloud #49

Open mylesagray opened 2 years ago

mylesagray commented 2 years ago

Written on 02/25/2018 12:45:58

URL: https://blah.cloud/security/scanning-for-network-vulnerabilities-using-nmap/

mylesagray commented 2 years ago

Comment written by Gary Parkinson on 06/19/2015 06:28:12

Great post Myles.

mylesagray commented 2 years ago

Comment written by John E on 11/16/2015 18:22:47

Early in the article you say, "[this vulnerability can occur on] anything using HTTP.sys and, of course, a HTTP server can be spun up on any port you want so we need to check for servers that have HTTP exposed on any port from 1-65535."

Later you seem to say, the script you chose will run "against all ports that match the type of shortport.http in nmap's pre-defined list" (i.e. {80, 443, 631, 3872, 8080}).

So, it sounds like you are scanning on all ports, but not necessarily running the script checking for the vulnerability on all ports (unless I'm not understanding the mechanism that passes an open port perhaps found by the scan to the script.)

As such, if a vulnerable HTTP.sys were running on a server, on a custom port other than (AND not) 80, 443, 631, 3872, or 8080, would the above procedure find it?

Thanks for any clarification.

mylesagray commented 2 years ago

Comment written by Myles Gray on 11/16/2015 20:49:34

That's correct, you'd need to modify it from shortport.http to just scan all ports.