Re: run nmap automatically from index.html (??)



On 11/16/2011 10:16 AM, securityfocus@xxxxxxxxxxxx wrote:
If you can modify the source for the website, you can add something like this with PHP at the end of the page:

<?php
passthru("/path/to/nmap <args> " . $_SERVER['REMOTE_ADDR'] . " >> /path/to/log_file.log 2>&1 &");
?>

It is important to note that "2>&1&" allows this command to be backgrounded so PHP will not wait for this command to finish before rendering the page and closing. Also if you are behind a proxy you might have to use something like $_SERVER["HTTP_X_FORWARDED_FOR"] instead.

If modifying the source of the page is out of the question, I would avoid scanning the logs as there's no guarantee of when Apache will flush logs to disk (it does not happen in real time). It would probably work just fine, but if you are going to write a log scraping service anyway, I'd sooner write an apache2 module or use mod_perl to hook EXEC_ON_READ or similar.

-a


Using HTTP_X_FORWARDED_FOR in a system command is a terrible idea, as it is under the control of the client. You would be introducing a command injection vulnerability.

Dan

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
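
Added example, not part of either message above: one way to avoid the injection Dan describes is to accept X-Forwarded-For only from a known proxy, require the value to be a literal IP address, and quote everything that reaches the shell. The proxy address 10.0.0.5, the function names and the sample requests are assumptions made for illustration; the paths are the placeholders from the original snippet, and nothing is executed.

```php
<?php
// Added example, not code from the thread. TRUSTED_PROXIES is an assumed
// reverse-proxy address; NMAP and LOG are the thread's placeholder paths.
const TRUSTED_PROXIES = ['10.0.0.5'];
const NMAP = '/path/to/nmap';
const LOG  = '/path/to/log_file.log';

/** Return a validated client IP, or null if no trustworthy value exists. */
function client_ip(array $server): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $candidate = $peer;
    // Honour X-Forwarded-For only when the TCP peer is our own proxy, and
    // take the right-most entry: that is the one our proxy appended, while
    // anything to its left was supplied by the client.
    if (in_array($peer, TRUSTED_PROXIES, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        $candidate = trim(end($hops));
    }
    // Allow-list check: anything that is not a literal IPv4/IPv6 address fails.
    $ip = filter_var($candidate, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

/** Build the shell command line with every variable part quoted. */
function scan_command(string $ip): string
{
    return sprintf('%s %s >> %s 2>&1 &',
        escapeshellarg(NMAP), escapeshellarg($ip), escapeshellarg(LOG));
}

// Constructed sample requests (documentation address ranges).
$samples = [
    'direct client'            => ['REMOTE_ADDR' => '203.0.113.7'],
    'via trusted proxy'        => ['REMOTE_ADDR' => '10.0.0.5',
                                   'HTTP_X_FORWARDED_FOR' => '198.51.100.9'],
    'spoofed header, no proxy' => ['REMOTE_ADDR' => '203.0.113.7',
                                   'HTTP_X_FORWARDED_FOR' => '127.0.0.1; id'],
    'metacharacters via proxy' => ['REMOTE_ADDR' => '10.0.0.5',
                                   'HTTP_X_FORWARDED_FOR' => '127.0.0.1; id'],
];
foreach ($samples as $label => $server) {
    $ip = client_ip($server);
    // The command is only printed here; a real page would hand it to passthru().
    echo $label, ': ', $ip === null ? 'rejected, nothing executed' : scan_command($ip), PHP_EOL;
}
```

The third sample shows the header being ignored when the request does not come from the proxy, and the fourth shows the value being rejected outright even when it does.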


