[NSE] http-iis-short-name-brute doesn't seem to work properly? #379

Closed
0xdevalias opened this issue May 16, 2016 · 4 comments
@0xdevalias

Trying to run http-iis-short-name-brute according to the documentation (and as best I can find from Google), and I don't think it works?

I would expect at the very least to be shown a 'not vulnerable' or similar when running the following, but I seem to get nothing usable? (though by the --script-trace it seems to be hitting the server)

Similarly, when running against an IIS6 server as a test (didn't let it finish), it doesn't seem to output anything to show it's scanning/doing anything. Is that normal?

sudo nmap -p80 --script +http-iis-short-name-brute --script-args vulns.showall --script-trace foo.my.target

Starting Nmap 7.12 ( https://nmap.org ) at 2016-05-16 13:00 AEST
NSOCK INFO [1.9810s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [a.b.c.d:80]
NSE: TCP d.c.b.a:54666 > a.b.c.d:80 | CONNECT
NSE: TCP d.c.b.a:54666 > a.b.c.d:80 | 00000000: 47 45 54 20 2f 7e 31 2a 2f 2a 2e 61 73 70 78 3f GET /~1*/*.aspx?
00000010: 61 73 70 78 65 72 72 6f 72 70 61 74 68 3d 2f 20 aspxerrorpath=/
00000020: 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 HTTP/1.1  Connec
00000030: 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 55 73 65 tion: close  Use
00000040: 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 r-Agent: Mozilla
00000050: 2f 35 2e 30 20 28 63 6f 6d 70 61 74 69 62 6c 65 /5.0 (compatible
00000060: 3b 20 4e 6d 61 70 20 53 63 72 69 70 74 69 6e 67 ; Nmap Scripting
00000070: 20 45 6e 67 69 6e 65 3b 20 68 74 74 70 73 3a 2f  Engine; https:/
00000080: 2f 6e 6d 61 70 2e 6f 72 67 2f 62 6f 6f 6b 2f 6e /nmap.org/book/n
00000090: 73 65 2e 68 74 6d 6c 29 0d 0a 48 6f 73 74 3a 20 se.html)  Host:
..snip..

NSOCK INFO [1.9810s] nsock_write(): Write request for 192 bytes to IOD #1 EID 19 [a.b.c.d:80]
NSOCK INFO [1.9810s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 19 [a.b.c.d:80]
NSE: TCP d.c.b.a:54666 > a.b.c.d:80 | SEND
NSOCK INFO [1.9810s] nsock_read(): Read request from IOD #1 [a.b.c.d:80] (timeout: 7550ms) EID 26
NSOCK INFO [2.1760s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 26 [a.b.c.d:80] (1368 bytes)
NSE: TCP d.c.b.a:54666 < a.b.c.d:80 | HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 16 May 2016 03:00:14 GMT
Connection: close
Content-Length: 3420

<!DOCTYPE html>
<html>
    <head>
        <title>Runtime Error</title>
        <meta name="viewport" content="width=device-width" />
        <style>
         body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
         p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
         b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
         H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
         H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
         pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}
         .marker {font-weight: bold; color: black;text-decoration: none;}
         .version {color: gray;}
         .error {margin-bottom: 10px;}
         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
         @media screen and (max-width: 639px) {
          pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }
         }
         @media scr
NSOCK INFO [2.1770s] nsock_read(): Read request from IOD #1 [a.b.c.d:80] (timeout: 7550ms) EID 34
NSOCK INFO [2.1770s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 34 [a.b.c.d:80] (2301 bytes)

NSE: TCP d.c.b.a:54666 > a.b.c.d:80 | CLOSE
NSOCK INFO [2.1790s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [2.1790s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [2.1800s] nsock_connect_tcp(): TCP connection requested to a.b.c.d:80 (IOD #2) EID 40
NSOCK INFO [2.3740s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [a.b.c.d:80]
NSE: TCP d.c.b.a:54667 > a.b.c.d:80 | CONNECT
NSE: TCP d.c.b.a:54667 > a.b.c.d:80 | 00000000: 47 45 54 20 2f 25 33 66 2a 7e 31 2a 2f 2a 2e 61 GET /%3f*~1*/*.a
00000010: 73 70 78 3f 61 73 70 78 65 72 72 6f 72 70 61 74 spx?aspxerrorpat
00000020: 68 3d 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f h=/ HTTP/1.1  Co
00000030: 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d nnection: close
00000040: 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a  User-Agent: Moz
00000050: 69 6c 6c 61 2f 35 2e 30 20 28 63 6f 6d 70 61 74 illa/5.0 (compat
00000060: 69 62 6c 65 3b 20 4e 6d 61 70 20 53 63 72 69 70 ible; Nmap Scrip
00000070: 74 69 6e 67 20 45 6e 67 69 6e 65 3b 20 68 74 74 ting Engine; htt
00000080: 70 73 3a 2f 2f 6e 6d 61 70 2e 6f 72 67 2f 62 6f ps://nmap.org/bo
00000090: 6f 6b 2f 6e 73 65 2e 68 74 6d 6c 29 0d 0a 48 6f ok/nse.html)  Ho
..snip..

NSOCK INFO [2.3740s] nsock_write(): Write request for 196 bytes to IOD #2 EID 51 [a.b.c.d:80]
NSOCK INFO [2.3740s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 51 [a.b.c.d:80]
NSE: TCP d.c.b.a:54667 > a.b.c.d:80 | SEND
NSOCK INFO [2.3740s] nsock_read(): Read request from IOD #2 [a.b.c.d:80] (timeout: 7550ms) EID 58
NSOCK INFO [2.5700s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 58 [a.b.c.d:80] (2736 bytes)
NSE: TCP d.c.b.a:54667 < a.b.c.d:80 | HTTP/1.1 400 Bad Request
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 16 May 2016 03:00:14 GMT
Connection: close
Content-Length: 3420

<!DOCTYPE html>
<html>
    <head>
        <title>Runtime Error</title>
        <meta name="viewport" content="width=device-width" />
        <style>
         body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;}
         p {font-family:"Verdana";font-weight:normal;color:black;margin-top: -5px}
         b {font-family:"Verdana";font-weight:bold;color:black;margin-top: -5px}
         H1 { font-family:"Verdana";font-weight:normal;font-size:18pt;color:red }
         H2 { font-family:"Verdana";font-weight:normal;font-size:14pt;color:maroon }
         pre {font-family:"Consolas","Lucida Console",Monospace;font-size:11pt;margin:0;padding:0.5em;line-height:14pt}
         .marker {font-weight: bold; color: black;text-decoration: none;}
         .version {color: gray;}
         .error {margin-bottom: 10px;}
         .expandable { text-decoration:underline; font-weight:bold; color:navy; cursor:hand; }
         @media screen and (max-width: 639px) {
          pre { width: 440px; overflow: auto; white-space: pre-wrap; word-wrap: break-word; }
         }
         @media screen and (max-width: 479px) {
          pre { width: 280px; }
         }
        </style>
    </head>

    <body bgcolor="white">

            <span><H1>Server Error in '/' Application.<hr width=100% size=1 color=silver></H1>

            <h2> <i>Runtime Error</i> </h2></span>

            <font face="Arial, Helvetica, Geneva, SunSans-Regular, sans-serif ">

            <b> Description: </b>An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
            <br><br>

            <b>Details:</b> To enable the details of this specific error message to be viewable on remote machines, please create a &lt;customErrors&gt; tag within a &quot;web.config&quot; configuration file located in the root directory of the current web application. This &lt;customErrors&gt; tag should then have its &quot;mode&quot; attribute set to &quot;Off&quot;.<br><br>

            <table width=100% bgcolor="#ffffcc">
               <tr>
                  <td>
                      <code><pre>

&lt;!-- Web.Config Configuration File --&gt;

&lt;configuration&gt;
    &lt;system.web&gt;
        &lt;customErrors mode=&quot;Off&quot;/&gt;

NSOCK INFO [2.5710s] nsock_read(): Read request from IOD #2 [a.b.c.d:80] (timeout: 7550ms) EID 66
NSOCK INFO [2.5710s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 66 [a.b.c.d:80] (933 bytes)

NSE: TCP d.c.b.a:54667 > a.b.c.d:80 | CLOSE
NSOCK INFO [2.5720s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
Nmap scan report for onlinecredentialing.csmc.edu (a.b.c.d)
Host is up (0.19s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 2.57 seconds
nmap --version

Nmap version 7.12 ( https://nmap.org )
Platform: x86_64-apple-darwin15.4.0
Compiled with: liblua-5.2.4 openssl-1.0.2g nmap-libpcre-7.6 libpcap-1.5.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: kqueue poll select
@cldrn
Member

cldrn commented May 16, 2016

Hello,
I've tested the script against several vulnerable IIS installations and I can confirm it works against them. By design most scripts won't return output if the host isn't vulnerable. Try -d2 to get debug messages. If the script isn't detecting the vulnerable host properly I would love to take a look at the full debug log to fix this.

@0xdevalias
Author

0xdevalias commented May 16, 2016

Ok, that makes sense. I guess I was expecting it to show 'not vulnerable' based on the wording of vulns.showall. Should this be considered a bug, or?

https://nmap.org/nsedoc/lib/vulns.html

Script Arguments

vulns.showall

If set, the library will show and report all the registered vulnerabilities which includes the NOT VULNERABLE ones. By default the library will only report the VULNERABLE entries: VULNERABLE, LIKELY VULNERABLE, VULNERABLE (DoS) and VULNERABLE (Exploitable).

@cldrn
Member

cldrn commented May 16, 2016

Oh, I see. You are right. There is a bug in the reporting part. Thanks for reporting it. I'll commit a patch now to fix this.
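
The reporting contract from the quoted vulns documentation, as it looks inside a script. This is an added example, not the http-iis-short-name-brute source and not the patch committed for this issue. The two request paths are copied from the --script-trace output above; the status-code comparison and the title and description strings are assumptions made for illustration.

```lua
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local vulns = require "vulns"

description = [[
Added example: hands an explicit state to the vulns library so that
--script-args vulns.showall has an entry to print.
]]
author = "example"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "vuln"}

portrule = shortport.http

-- Request paths copied from the --script-trace output in this issue.
local PROBE_A = "/~1*/*.aspx?aspxerrorpath=/"
local PROBE_B = "/%3f*~1*/*.aspx?aspxerrorpath=/"

-- Returns the HTTP status for a path, or nil if the request failed.
local function probe_status(host, port, path)
  local response = http.get(host, port, path)
  if response and response.status then
    return response.status
  end
  return nil
end

action = function(host, port)
  local vuln = {
    title = "IIS short name disclosure (example entry)",
    -- Start from NOT_VULN. With vulns.showall set, the library reports this
    -- entry as NOT VULNERABLE; without it the entry is filtered out and the
    -- script prints nothing for this port.
    state = vulns.STATE.NOT_VULN,
    description = [[
Example description text. A real script describes the issue here.]],
  }
  local report = vulns.Report:new(SCRIPT_NAME, host, port)

  local status_a = probe_status(host, port, PROBE_A)
  local status_b = probe_status(host, port, PROBE_B)
  if not status_a or not status_b then
    -- No verdict is possible. Say so in the debug log (-d and above) rather
    -- than reporting NOT VULNERABLE for a host that was never tested.
    stdnse.debug1("probe failed, no state reported")
    return nil
  end

  -- ASSUMPTION for illustration only: differing status codes for the two
  -- probes count as the vulnerable signal. In the trace above both requests
  -- returned 400, so the state would stay NOT_VULN.
  if status_a ~= status_b then
    vuln.state = vulns.STATE.VULN
    vuln.extra_info = ("probe statuses: %d / %d"):format(status_a, status_b)
  end

  -- Every tested path reaches make_output() with a state set, which is what
  -- lets vulns.showall distinguish "tested, not vulnerable" from "no result".
  return report:make_output(vuln)
end
```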

@0xdevalias
Author

Awesome, thanks for that :)


On Mon, May 16, 2016 at 8:48 AM -0700, "nmap-bot" notifications@github.com wrote:

Closed #379 via 363397b.

