nmap http-form-brute

[Aviril7]

Am running nmap http-form-brute against a test lab with command

nmap --script http-form-brute --script-args "brute.firstonly=true,http-form-brute.path='/Login.asp?RetURL=%2FDefault%2Easp%3F',http-form-brute.method=POST,userdb=user.txt,http-form-brute.uservar=tfUName,http-form-brute.passvar=tfUPass,http-form-brute.onsuccess=Logout" testasp.vulnweb.com

And got error NSE: http-form-brute against testasp.vulnweb.com (44.238.29.244:80) threw an error!

Below is the full debug

Starting Nmap 7.93 ( https://nmap.org ) at 2023-04-19 04:14 WAT

PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)

--------------- Timing report ---------------

  hostgroups: min 1, max 100000

  rtt-timeouts: init 1000, min 100, max 10000

  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000

  parallelism: min 0, max 0

  max-retries: 10, host-timeout: 0

  min-rate: 0, max-rate: 10

---------------------------------------------

NSE: Using Lua 5.3.

NSE: Arguments from CLI: brute.firstonly=true,http-form-brute.path='/Login.asp?RetURL=%2FDefault%2Easp%3F',http-form-brute.method=POST,userdb=user.txt,http-form-brute.uservar=tfUName,http-form-brute.passvar=tfUPass,http-form-brute.onsuccess=Logout

NSE: Arguments parsed: brute.firstonly=true,http-form-brute.path='/Login.asp?RetURL=%2FDefault%2Easp%3F',http-form-brute.method=POST,userdb=user.txt,http-form-brute.uservar=tfUName,http-form-brute.passvar=tfUPass,http-form-brute.onsuccess=Logout

NSE: Loaded 1 scripts for scanning.

NSE: Script Pre-scanning.

NSE: Starting runlevel 1 (of 1) scan.

Initiating NSE at 04:14

Completed NSE at 04:14, 0.00s elapsed

Initiating Ping Scan at 04:14

Scanning testasp.vulnweb.com (44.238.29.244) [2 ports]

Completed Ping Scan at 04:14, 0.32s elapsed (1 total hosts)

Overall sending rates: 6.23 packets / s.

mass_rdns: Using DNS server 8.8.8.8

mass_rdns: Using DNS server 8.8.4.4

Initiating Parallel DNS resolution of 1 host. at 04:14

mass_rdns: 0.13s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]

Completed Parallel DNS resolution of 1 host. at 04:14, 0.12s elapsed

DNS resolution of 1 IPs took 0.13s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]

Initiating Connect Scan at 04:14

Scanning testasp.vulnweb.com (44.238.29.244) [1000 ports]

doAnyOutstandingRetransmits took 50ms

Discovered open port 80/tcp on 44.238.29.244

Discovered open port 25/tcp on 44.238.29.244

Connect Scan Timing: About 14.40% done; ETC: 04:18 (0:03:04 remaining)

doAnyOutstandingRetransmits took 43ms

Stats: 0:01:01 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan

Connect Scan Timing: About 26.65% done; ETC: 04:18 (0:02:45 remaining)

Current sending rates: 5.94 packets / s.

Stats: 0:01:14 elapsed; 0 hosts completed (1 up), 1 undergoing Connect Scan

Connect Scan Timing: About 28.70% done; ETC: 04:18 (0:03:01 remaining)

Current sending rates: 3.37 packets / s.

doAnyOutstandingRetransmits took 70ms

doAnyOutstandingRetransmits took 44ms

doAnyOutstandingRetransmits took 60ms

Connect Scan Timing: About 48.65% done; ETC: 04:18 (0:01:49 remaining)

doAnyOutstandingRetransmits took 60ms

Connect Scan Timing: About 62.70% done; ETC: 04:18 (0:01:19 remaining)

doAnyOutstandingRetransmits took 31ms

doAnyOutstandingRetransmits took 39ms

Connect Scan Timing: About 76.50% done; ETC: 04:18 (0:00:50 remaining)

doAnyOutstandingRetransmits took 31ms

doAnyOutstandingRetransmits took 90ms

doAnyOutstandingRetransmits took 77ms

doAnyOutstandingRetransmits took 73ms

doAnyOutstandingRetransmits took 118ms

Completed Connect Scan at 04:18, 222.70s elapsed (1000 total ports)

Overall sending rates: 9.47 packets / s.

NSE: Script scanning 44.238.29.244.

NSE: Starting runlevel 1 (of 1) scan.

Initiating NSE at 04:18

NSE: Starting http-form-brute against testasp.vulnweb.com (44.238.29.244:80).

NSE: http-form-brute against testasp.vulnweb.com (44.238.29.244:80) threw an error!

/usr/bin/../share/nmap/nselib/stdnse.lua:81: bad argument #2 to 'format' (no value)

stack traceback:

        [C]: in function 'string.format'

        /usr/bin/../share/nmap/nselib/stdnse.lua:81: in function 'stdnse.debug'

        /usr/bin/../share/nmap/scripts/http-form-brute.nse:517: in function </usr/bin/../share/nmap/scripts/http-form-brute.nse:478>

        (...tail calls...)

Completed NSE at 04:18, 0.00s elapsed

Nmap scan report for testasp.vulnweb.com (44.238.29.244)

Host is up, received syn-ack (0.31s latency).

rDNS record for 44.238.29.244: ec2-44-238-29-244.us-west-2.compute.amazonaws.com

Scanned at 2023-04-19 04:14:41 WAT for 223s

Not shown: 998 filtered tcp ports (no-response)

PORT   STATE SERVICE REASON

25/tcp open  smtp    syn-ack

80/tcp open  http    syn-ack

Final times for host: srtt: 306053 rttvar: 5191  to: 326817

NSE: Script Post-scanning.

NSE: Starting runlevel 1 (of 1) scan.

Initiating NSE at 04:18

Completed NSE at 04:18, 0.00s elapsed

Read from /usr/bin/../share/nmap: nmap-services.

Nmap done: 1 IP address (1 host up) scanned in 224.97 seconds

Useing kali nethunter

[TheProdigyLeague]

rootwebarea-Static.txt

from "github.com//issues/2634"
import 0auth
import metasploit
from jquery -fetch
/!\ no parse.json
1024_bytes*htm
in content -type ["http"]:
'CGAKLIBDFLIIKFGOOCCABKO' // pull token
$ echo 12323
$ fcp ['4626.6']
$ ls
123dsad - 171.232.153.255
['admin']
4/22/2023 1:22:20pm
$ sudo apt install --git clone io "http://www.w3.org/TR/html4/loos.dtd" // args
from /loos.dtd throw, ERROR: 404
from /Templates/MainTemplate.dwt.asp
$ false
$ echo "codeOutsideHTMLIsLocked==0"
$ IDBFactory {} == $i // db
/!\ stack trace-back:
[C]: in function 'string.format'
~#
$ /usr/bin/../share/nmap/nselib/stdnse.lua
:81:
in function, 'stdnse.debug'
~#
$ /usr/bin/../share/nmap/scripts/http-form-brute.nse
:517:
in function </usr/bin/../share/nmap/scripts/http-form-brute.nse:
<478>
~#(港口。掃描。服務。)
$ ec2-44-238-29-244.us-west-2.compute.amazonaws.com
from /usr/bin/../share/nmap
ERROR: 404