nmap script issue


This topic contains 1 reply, has 2 voices, and was last updated by Paul Rouk 3 years, 7 months ago.

  • #79011

    kdenhar
    Participant

    I’m currently trying to walk through Module 2 part 9 of the Web Application Pen Testing tutorial. Specifically this is the one where we use nmap to discover SQL injection. I have typed the command in correctly, but no URLs are returning. I have verified that both machines are on the network, and nmap is verifying this because I can see 1 host open and 2 ports.

    I believe the issue is that Kali is not acknowledging the --script argument.

    Here is what I am typing: nmap -p80 --script=/usr/share/nmap/scripts/http-sql-injection --script-args=httpspider.maxpagecount=200 192.168.56.10

    Here is the output:

    Starting Nmap 7.31 ( https://nmap.org ) at 2016-11-15 16:34 CST
    Nmap scan report for 192.168.56.10
    Host is up (0.00048s latency).
    PORT STATE SERVICE
    80/tcp open http
    MAC Address: 08:00:27:FB:EA:3C (Oracle VirtualBox virtual NIC)

    Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds

    Does anyone know what is going on that is not allowing me to utilize the scripts feature of nmap?

    #79215

    Paul Rouk
    Participant

    One thing I’ve noticed about nmap scripts is that they typically don’t give you an error message if they don’t find anything to report. For example, when I scan my home network with the ‘smb-os-discovery’ script, it gives the “Host script results” (as shown below) for only one system on the network. For all of the other systems where the script finds no results, it just prints something similar to the top portion of the nmap scan report with absolutely nothing for the script results. I don’t see any obvious errors in your script line, so it could just be that it isn’t finding anything that matches what the script is looking for.

    ===============================================
    nmap -p 445 -script smb-os-discovery 192.168.254.0/24

    Nmap scan report for 192.168.254.1
    Host is up (0.0021s latency).
    PORT STATE SERVICE
    445/tcp open microsoft-ds
    MAC Address: xx:xx:xx:xx:xx:xx (HP)

    Host script results:
    | smb-os-discovery:
    | OS: Windows 10 Home 14393 (Windows 10 Home 6.3)
    | OS CPE: cpe:/o:microsoft:windows_10::-
    | NetBIOS computer name: DESKTOP-HOME
    | Workgroup: WORKGROUP
    |_ System time: 2016-11-17T22:12:11-05:00

    Nmap scan report for 192.168.254.4
    Host is up (0.13s latency).
    PORT STATE SERVICE
    445/tcp filtered microsoft-ds
    MAC Address: xx:xx:xx:xx:xx:xx (Roku)
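
Added example, not part of either post: a small shell function that reads saved nmap normal-format output and reports, per host, whether any NSE result lines are present, which makes the "script ran but printed nothing" case described in the reply easy to tell apart from a host with findings. The sample scan text and its 192.0.2.x addresses are constructed, and the `NSE: Loaded` line it looks for is only printed when nmap is run with `-v`.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report, per host, whether saved nmap
# normal-format output contains any NSE result lines.

# Reads nmap output on stdin; prints "<host> script-output|no-script-output"
# for each host, then "nse-loaded <count|unknown>".
nse_summary() {
    awk '
        # Printed only with -v; absent means we cannot tell from this output.
        /^NSE: Loaded [0-9]+ scripts/ { loaded = $3 }
        /^Nmap scan report for / {
            if (host != "") print host, (hit ? "script-output" : "no-script-output")
            host = $NF; gsub(/[()]/, "", host); hit = 0
            next
        }
        # NSE results (port or host scripts) are drawn with a leading "|".
        host != "" && /^[ \t]*[|]/ { hit = 1 }
        END {
            if (host != "") print host, (hit ? "script-output" : "no-script-output")
            print "nse-loaded", (loaded == "" ? "unknown" : loaded)
        }
    '
}

# Constructed sample output (documentation addresses, not a real scan).
sample_scan() {
    cat <<'EOF'
Starting Nmap 7.31 ( https://nmap.org )
NSE: Loaded 1 scripts for scanning.
Nmap scan report for 192.0.2.10
Host is up (0.00048s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.0.2.11
Host is up (0.0021s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-os-discovery:
|   OS: Windows 10 Home 14393 (Windows 10 Home 6.3)
|_  System time: 2016-11-17T22:12:11-05:00

Nmap done: 2 IP addresses (2 hosts up) scanned in 1.00 seconds
EOF
}

sample_scan | nse_summary
```

A host reported as `no-script-output` together with `nse-loaded 1` means the script was loaded and simply had nothing to report; `nse-loaded unknown` means the output was captured without `-v`.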
