[Nikto-discuss] Help on Nikto Result

david lodge resident.deity at gmail.com
Tue Dec 15 12:28:03 UTC 2009


2009/12/15 Zaki Akhmad <zakiakhmad at gmail.com>:
> On Tue, Dec 15, 2009 at 6:04 PM, david lodge <resident.deity at gmail.com> wrote:
>>
>> Note that your above HTTP request isn't quite well formed, it should
>> be something like:
>> echo "GET http://www.tralalaxxx.com/webadmin/ HTTP/1.1" | nc 80
>
> I get this message, after I execute that command:
> no port[s] to connect to

I missed out the hostname on the nc command, it should be:
echo "GET http://www.tralalaxxx.com/webadmin/ HTTP/1.1" | nc www.tralalaxxx.com 80

I've just found a bug in nikto, and maybe one in libwhisker, in a
totally unrelated situation, that may also account for this false
positive.

At the moment the authentication code just looks to see whether it
gets a response without the authenticate header. But, if there's an
error reading from the server (usually caused by buggy servers,
embedded devices or overzealous IPSs) then nikto will see this as
being a successful authentication.

In my case this was due to a buggy web server getting the
content-length wrong for 404 messages.

Also, the password you get is the 3rd in the list, maybe being caused
by the web server causing delays for excessive authentication
requests. I'll open a bug for this, but it would still help if I could
get a trace of the connection.

dave
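
Added example, not part of the original message and not Nikto or libwhisker code: a Python sketch of the false positive described above, where "no authenticate header" is read as success even when the read failed, next to a stricter check. The Attempt record, the function names and the sample responses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
@dataclass
class Attempt:              # hypothetical record of one credential guess
    raw: bytes              # bytes read before the socket closed or errored
    read_error: bool        # True if the read timed out or was reset

def parse(raw):
    """Return (status, headers, body), or None without a complete header block."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body

def naive_auth_ok(a):
    """Flawed check: no authenticate header seen, so assume the guess worked."""
    parsed = parse(a.raw)
    return "www-authenticate" not in (parsed[1] if parsed else {})

def strict_auth_ok(a):
    """Accept only a complete 2xx/3xx response that carries no challenge."""
    parsed = None if a.read_error else parse(a.raw)
    if parsed is None:
        return False        # transport error or garbage: inconclusive, not success
    status, headers, body = parsed
    if status == 401 or "www-authenticate" in headers:
        return False
    length = headers.get("content-length")
    if length is not None and (not length.isdigit() or int(length) != len(body)):
        return False        # body does not match its declared length
    return 200 <= status < 400

# Constructed sample responses, not captured traffic.
SAMPLES = {
    "challenge": Attempt(b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"x\"\r\n\r\n", False),
    "accepted": Attempt(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok", False),
    "reset": Attempt(b"", True),
    "bad_404": Attempt(b"HTTP/1.1 404 Not Found\r\nContent-Length: 500\r\n\r\nnope", True),
}
def compare():
    return {k: (naive_auth_ok(a), strict_auth_ok(a)) for k, a in SAMPLES.items()}
```

compare() returns a (naive, strict) pair per sample; the "reset" and "bad_404" cases are the ones the naive check reports as valid credentials.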

