
Identifying Customized Port (changeme issue, closed, 8 comments)

ztgrace commented on May 30, 2024
Identifying Customized Port

from changeme.

Comments (8)

ztgrace commented on May 30, 2024

Thanks for the issue. I agree changeme should have the ability to detect default credentials on alternate ports, but I think we need to be careful. For example, I'm using this tool to scan more than 10k web services and this would add 100k extra requests just for this service.

I originally opened issue #3 with this in mind. My feeling is that when we start to get out to uncommon ports, I'd rather have the tool feed off of nmap input. For example, say we scan a system and the Server header on 8000 contains Apache Tomcat, with a fuzzier fingerprinting mechanism, we would swap out the default port for 8000.

Would functionality like that meet your needs?


ranjithprethan commented on May 30, 2024

Hi Ztgrace, Thanks.

For example: if Apache Tomcat runs on 8000, changeme should first check the default port 8080; if the web service is not running on a default port, then it should check other ports as well before loading all the default credentials.

Feeding nmap results is an alternative solution. If we want to scan 10-15 IP addresses at one time, it would be useful if changeme had the capability to detect the web service on alternate ports.

Thanks.


iamtutu commented on May 30, 2024

What if a provided list file containing IP:PORT entries is parsed as input to be scanned?


ranjithprethan commented on May 30, 2024

For-loop or list file are the way forward. Otherwise we need to do a port scan, which is not an ideal solution. If anyone has written the code, please share. Thanks


ztgrace commented on May 30, 2024

@iamtutu @ranjithprethan I'm trying to understand the request here. Are you looking for an option that would try all credentials on all ports? The process is broken down into two phases, fingerprint and auth attempts. I can see adding an option to force fingerprinting on all ports specified in the targets and if the fingerprint matches, scan it for default creds. Does that cover what you're looking for?

@ranjithprethan for any large scans nmap will be a way more efficient port scanner than changeme.


ranjithprethan commented on May 30, 2024

@ztgrace that's exactly what I am looking for, because in most web server environments the http/https service runs on a custom or non-standard port. Can you please share the new code? Thanks


ztgrace commented on May 30, 2024

I'll include this feature in the 1.0 release which is scheduled for the end of September. Until then, you can make multiple copies of the credential files each with a different port.


ztgrace commented on May 30, 2024

The changeme version in the development branch (https://github.com/ztgrace/changeme/tree/development) now features a --portoverride option that forces changeme to use the supplied port for all protocols.

Here's what the new option looks like:

./changeme.py -d --protocols http,snmp --portoverride --dryrun 127.0.0.1:11111
...snip...
[07:43:31][scan_engine][_build_targets] Configured protocols: ['http', 'snmp']
[07:43:32][scan_engine][dry_run] Dry run URLs:
http://127.0.0.1:11111/admin-console/login.seam
https://127.0.0.1:11111/
http://127.0.0.1:11111/tomcat/manager/html
http://127.0.0.1:11111/nexus/
snmp://127.0.0.1:11111
http://127.0.0.1:11111/opscenter/login.html
http://127.0.0.1:11111/zabbix/index.php
http://127.0.0.1:11111/rest/html/management/dashboards
http://127.0.0.1:11111/logon.htm
http://127.0.0.1:11111/manager/html
http://127.0.0.1:11111/
http://127.0.0.1:11111/jasperserver/login.html
http://127.0.0.1:11111/login.htm
http://127.0.0.1:11111/SingleSignOn/SignIn.aspx?SsoProductCode=npc&SsoRedirectUrl=%2fnpc%2fdefault.aspx
http://127.0.0.1:11111/web/guest/en/websys/webArch/authForm.cgi
https://127.0.0.1:11111/com.netezza.portal.Portal/index.html
http://127.0.0.1:11111/admin/password.html
http://127.0.0.1:11111/prop.htm
https://127.0.0.1:11111/opscenter/
http://127.0.0.1:11111/TeleoptiWFM/Administration/
https://127.0.0.1:11111/hp/device/this.LCDispatcher?dispatch=html&cat=1&pos=3
http://127.0.0.1:11111/
snmp://127.0.0.1:11111
http://127.0.0.1:11111/eng/liveView.cgi
http://127.0.0.1:11111/login.html
http://127.0.0.1:11111/console/login/LoginForm.jsp
http://127.0.0.1:11111/rps/
https://127.0.0.1:11111/hp/device/this.LCDispatcher?nav=hp.Security
https://127.0.0.1:11111/hp/device/GeneralSecurity/Index
https://127.0.0.1:11111/login.html
http://127.0.0.1:11111/header.php?tab=status
http://127.0.0.1:11111/
https://127.0.0.1:11111/login
http://127.0.0.1:11111/console/portal/Server/Web%20Server
https://127.0.0.1:11111/hp/device/this.LCDispatcher?dispatch=html&cat=1&pos=4

This version will be merged into master sometime next week.

Cheers,
Zach

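As an added illustration (not changeme's own code), here is a small Python mock of the two behaviours discussed in this thread: the fingerprint-then-auth split ztgrace describes and the --portoverride target building shown in the dry run above. The credential entries, the fingerprint strings and the no-override behaviour (each credential keeps its default port) are assumptions for the example, not the project's definitions.

```python
# Constructed credential entries modelled on the fields a changeme credential
# file carries (protocol, default port, TLS, login path, a Server-header
# fingerprint). Values are illustrative, not the project's own.
CREDS = [
    {"name": "tomcat", "protocol": "http", "port": 8080, "ssl": False,
     "path": "/manager/html", "fingerprint": "Apache-Coyote"},
    {"name": "nexus", "protocol": "http", "port": 8081, "ssl": False,
     "path": "/nexus/", "fingerprint": "Nexus"},
    {"name": "opscenter", "protocol": "http", "port": 8443, "ssl": True,
     "path": "/opscenter/", "fingerprint": "OpsCenter"},
    {"name": "snmp-public", "protocol": "snmp", "port": 161, "ssl": False,
     "path": "", "fingerprint": None},
]

def parse_target(target):
    """Split 'host' or 'host:port' (IPv4/hostname form) into (host, port or None)."""
    host, sep, port = target.rpartition(":")
    if not sep:
        return target, None
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad port in target: %r" % target)
    return host, int(port)

def url_for(cred, host, port):
    """Render one dry-run URL the way the issue's output shows them."""
    if cred["protocol"] == "snmp":
        return "snmp://%s:%d" % (host, port)
    scheme = "https" if cred["ssl"] else "http"
    return "%s://%s:%d%s" % (scheme, host, port, cred["path"])

def build_urls(targets, protocols, portoverride=False):
    """Dry-run URL list. Assumption: without the override each credential
    keeps its default port; with it, a port given in the target is applied
    to every enabled protocol, as in the thread's 127.0.0.1:11111 run."""
    urls = []
    for target in targets:
        host, port = parse_target(target)
        for cred in CREDS:
            if cred["protocol"] in protocols:
                use_port = port if (portoverride and port) else cred["port"]
                urls.append(url_for(cred, host, use_port))
    return urls

def creds_for_banner(server_header):
    """Fingerprint phase from the thread: keep only credentials whose
    Server-header fingerprint appears in the banner (assumed substring
    match, not changeme's real fingerprinting logic)."""
    return [c["name"] for c in CREDS
            if c["fingerprint"] and c["fingerprint"] in server_header]
```

Running build_urls with portoverride=True against 127.0.0.1:11111 reproduces the shape of the dry-run list above: every enabled protocol, including snmp, is pointed at port 11111.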
