403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /usr/share/nmap/scripts/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /usr/share/nmap/scripts/xmlrpc-methods.nse
local http = require "http"
local nmap = require "nmap"
local shortport = require "shortport"
local slaxml = require "slaxml"
local stdnse = require "stdnse"
local strbuf = require "strbuf"
local string = require "string"
local table = require "table"
local tableaux = require "tableaux"

description = [[
Performs XMLRPC Introspection via the system.listMethods method.

If the verbosity is > 1 then the script fetches the response
of system.methodHelp for each method returned by listMethods.
]]

---
-- @args xmlrpc-methods.url The URI path to request.
--
-- @output
-- | xmlrpc-methods:
-- |   Supported Methods:
-- |     list
-- |     system.listMethods
-- |     system.methodHelp
-- |_    system.methodSignature
--
-- @xmloutput
-- <table key="Supported Methods">
--   <elem>list</elem>
--   <elem>system.listMethods</elem>
--   <elem>system.methodHelp</elem>
--   <elem>system.methodSignature</elem>
-- </table>

author = "Gyanendra Mishra"

license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

categories = {"default", "safe", "discovery"}

portrule = shortport.http

local function set_80_columns(t)
  local buffer = strbuf.new()
  for method, description in pairs(t) do
    buffer = (buffer ..  string.format("    %s:\n\n", method))
    local line, ll  = {}, 0
    local add_word = function(word)
      if #word + ll + 1 < 78 then
        table.insert(line, word)
        ll = ll + #word + 1
      else
        buffer = buffer .. table.concat(line, " ") .. "\n"
        ll =  #word + 1
        line = {word}
      end
    end
    string.gsub(description, "(%S+)", add_word)
    buffer = buffer .. table.concat(line, " ") .. "\n\n"
  end
  return "\n" .. strbuf.dump(buffer)
end

action = function(host, port)

  local url = stdnse.get_script_args(SCRIPT_NAME .. ".url") or "/"
  local data = '<methodCall> <methodName>system.listMethods</methodName> <params></params> </methodCall>'
  local response = http.post(host, port, url, {header = {["Content-Type"] = "application/x-www-form-urlencoded"}}, nil, data )
  if not (response and response.status and response.body) then
    stdnse.debug1("HTTP POST failed")
    return nil
  end
  local output = stdnse.output_table()
  local parser = slaxml.parser:new()

  local under_80 = {
  __tostring = set_80_columns
  }

  if response.status == 200 and response.body:find("<value><string>system.listMethods</string></value>", nil, true)  then

    parser._call = {startElement = function(name)
        parser._call.text = name == "string" and function(content) output["Supported Methods"] = output["Supported Methods"] or {} table.insert(output["Supported Methods"], content)  end end,
        closeElement = function(name) parser._call.text = function() return nil end end
      }
    parser:parseSAX(response.body, {stripWhitespace=true})

    if  nmap.verbosity() > 1 and tableaux.contains(output["Supported Methods"], "system.methodHelp") then
      for i, method in ipairs(output["Supported Methods"]) do
        data = '<methodCall> <methodName>system.methodHelp</methodName> <params> <param><value> <string>' .. method .. '</string> </value></param> </params> </methodCall>'
        response = http.post(host, port, url, {header = {["Content-Type"] = "application/x-www-form-urlencoded"}}, nil, data)
        if response and response.status == 200 then
          parser._call.startElement = function(name)
            parser._call.text = name == "string" and function(content)
              content = parser.unescape(content)
              output["Supported Methods"][i] = nil
              output["Supported Methods"][method] = content
            end
          end
          parser:parseSAX(response.body, {stripWhitespace=true})
        end
        -- useful in cases when the output returned by the above request is empty
        -- or the <value><string></string></value> has no text in the string
        -- element.
        if output["Supported Methods"][i] then
          output["Supported Methods"][i] = nil
          output["Supported Methods"][method] = "Empty system.methodHelp output."
        end
      end
      setmetatable(output["Supported Methods"], under_80)
    end
    return output
  elseif response.body:find("<name>faultCode</name>", nil, true) then
    output.error = "XMLRPC instance doesn't support introspection."
    return output, output.error
  end
end


Youez - 2016 - github.com/yon3zu
LinuXploit