错误 Nmap NSE http-form-brute
Error Nmap NSE http-form-brute
我正在尝试使用 http-form-brute 脚本争取一些时间,但每次它都说路径错误,但我已经检查了路径,是的,我还检查了语法,看起来正确...指出我出错的地方。
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-01-12 19:48 UTC
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
NSE: Arguments from CLI: userdb=d.dic,passdb=d.dic,http-form-
brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php
NSE: Arguments parsed: userdb=d.dic,passdb=d.dic,http-form-brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Initiating Ping Scan at 19:48
Scanning www.laboratoriohacker.com.br (31.170.164.209) [4 ports]
Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209)))
We got a ping packet back from 31.170.164.209: id = 1632 seq = 0 checksum = 63903
Completed Ping Scan at 19:48, 0.52s elapsed (1 total hosts)
Overall sending rates: 7.76 packets / s, 294.96 bytes / s.
mass_rdns: Using DNS server 192.168.0.1
Initiating Parallel DNS resolution of 1 host. at 19:48
mass_rdns: 0.01s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 19:48, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 19:48
Scanning www.laboratoriohacker.com.br (31.170.164.209) [1 port]
Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209)))
Discovered open port 80/tcp on 31.170.164.209
Completed SYN Stealth Scan at 19:48, 0.31s elapsed (1 total ports)
Overall sending rates: 3.24 packets / s, 142.60 bytes / s.
NSE: Script scanning 31.170.164.209.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
NSE: Starting http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80).
NSE: [http-form-brute 31.170.164.209:80] Form submission path: /admin/validar.php
NSE: [http-form-brute 31.170.164.209:80] HTTP method: POST
NSE: [http-form-brute 31.170.164.209:80] Username field: usuario
NSE: [http-form-brute 31.170.164.209:80] Password field: senha
NSE: [http-form-brute 31.170.164.209:80] Failed to get new session cookies: Unable to retrieve a login form from path "/admin/validar.php"
NSE: Finished http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80).
Completed NSE at 19:48, 1.35s elapsed
Nmap scan report for www.laboratoriohacker.com.br (31.170.164.209)
Host is up, received echo-reply ttl 52 (0.46s latency).
Scanned at 2017-01-12 19:48:02 UTC for 2s
PORT STATE SERVICE REASON
80/tcp open http syn-ack ttl 52
| http-form-brute:
|_ ERROR: Failed to submit the form to path "/admin/validar.php"
Final times for host: srtt: 457110 rttvar: 414875 to: 2116610
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)
您已将 HTML 表单的路径提供为 /admin/validar.php,但脚本无法从该页面获取包含表单的响应。很可能,这是表单 POST 到的路径,而不是表单所在的页面。提供的路径应该是用户在填写表单时在其浏览器中看到的 URI 路径。或者,您可以尝试将 sessioncookies 设置为 0(假)以避免表单检测,但如果表单每次提交都需要新的 cookie,则无法进行暴力破解。
我正在尝试使用 http-form-brute 脚本争取一些时间,但每次它都说路径错误,但我已经检查了路径,是的,我还检查了语法,看起来正确...指出我出错的地方。
Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-01-12 19:48 UTC
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
NSE: Arguments from CLI: userdb=d.dic,passdb=d.dic,http-form-
brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php
NSE: Arguments parsed: userdb=d.dic,passdb=d.dic,http-form-brute.uservar=usuario,http-form-brute.passvar=senha,http-form-brute.onfailure=invalido!,http-form-brute.path=/admin/validar.php
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Initiating Ping Scan at 19:48
Scanning www.laboratoriohacker.com.br (31.170.164.209) [4 ports]
Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209)))
We got a ping packet back from 31.170.164.209: id = 1632 seq = 0 checksum = 63903
Completed Ping Scan at 19:48, 0.52s elapsed (1 total hosts)
Overall sending rates: 7.76 packets / s, 294.96 bytes / s.
mass_rdns: Using DNS server 192.168.0.1
Initiating Parallel DNS resolution of 1 host. at 19:48
mass_rdns: 0.01s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 19:48, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 19:48
Scanning www.laboratoriohacker.com.br (31.170.164.209) [1 port]
Packet capture filter (device wlan0): dst host 192.168.0.102 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 31.170.164.209)))
Discovered open port 80/tcp on 31.170.164.209
Completed SYN Stealth Scan at 19:48, 0.31s elapsed (1 total ports)
Overall sending rates: 3.24 packets / s, 142.60 bytes / s.
NSE: Script scanning 31.170.164.209.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
NSE: Starting http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80).
NSE: [http-form-brute 31.170.164.209:80] Form submission path: /admin/validar.php
NSE: [http-form-brute 31.170.164.209:80] HTTP method: POST
NSE: [http-form-brute 31.170.164.209:80] Username field: usuario
NSE: [http-form-brute 31.170.164.209:80] Password field: senha
NSE: [http-form-brute 31.170.164.209:80] Failed to get new session cookies: Unable to retrieve a login form from path "/admin/validar.php"
NSE: Finished http-form-brute against www.laboratoriohacker.com.br (31.170.164.209:80).
Completed NSE at 19:48, 1.35s elapsed
Nmap scan report for www.laboratoriohacker.com.br (31.170.164.209)
Host is up, received echo-reply ttl 52 (0.46s latency).
Scanned at 2017-01-12 19:48:02 UTC for 2s
PORT STATE SERVICE REASON
80/tcp open http syn-ack ttl 52
| http-form-brute:
|_ ERROR: Failed to submit the form to path "/admin/validar.php"
Final times for host: srtt: 457110 rttvar: 414875 to: 2116610
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 19:48
Completed NSE at 19:48, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)
您已将 HTML 表单的路径提供为 /admin/validar.php,但脚本无法从该页面获取包含表单的响应。很可能,这是表单 POST 到的路径,而不是表单所在的页面。提供的路径应该是用户在填写表单时在其浏览器中看到的 URI 路径。或者,您可以尝试将 sessioncookies 设置为 0(假)以避免表单检测,但如果表单每次提交都需要新的 cookie,则无法进行暴力破解。