Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
http-userdir-enum usage example gives no results #1902
While working on the metasploit documentation for the equivalent module, we've been adding 'how to confirm' sections for other tools (usually nmap scripts). We attempted to use
Example here is an Ubuntu 18.04 fresh apache install w/ only change being
used as confirmation of vuln server.
The script is working as expected. The key difference is that Metasploit default user list,
Here is the output from Nmap when the Metasploit list is used instead:
When inspecting the actual default users in Ubuntu 18.04, the nmap list definitely deserves a refresh and the Metasploit one perhaps too.
Ubuntu server 18.04 w/ lamp installed:
Just tested w/ metasploit, will submit a PR to their side momentarily to update their list.
This is turning out to require a little more thought:
Compared to file
For this reason it does not make a lot of sense to enrich this file with additional daemon usernames because they do not represent meaningful password cracking targets. To illustrate, I have collected usernames from recent versions of Ubuntu, RHEL, Oracle, Bitnami LAMP, Jetware LAMP, and Kali, which resulted in 89 entries. This would increase the original list roughly 9x, which in turn means that it would slow down password-cracking speed by the same factor for little benefit.
It seems that it might be more prudent to capture this list in a separate file, specifically to be used by by script