Patrik KarlssonNMAP:HTTP-VLCSTREAMER-LS.NSEhttp-vlcstreamer-ls NSE Script
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Connects to a VLC Streamer helper service and lists directory contents. The VLC Streamer helper service is used by the iOS VLC Streamer application to enable streaming of multimedia content from the remote server to the device.
Script Arguments
http-vlcstreamer-ls.dir
directory to list (default: /)
slaxml.debug
See the documentation for the slaxml library.
http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap -p 54340 --script http-vlcstreamer-ls <ip>
Script Output
PORT STATE SERVICE
54340/tcp open unknown
| http-vlcstreamer-ls:
| /Applications
| /Developer
| /Library
| /Network
| /Pictures
| /System
| /User Guides And Information
| /Users
| /Volumes
| /bin
| /bundles
| /cores
| /dev
| /etc
| /home
| /mach_kernel
| /net
| /opt
| /private
| /sbin
| /tmp
| /usr
|_ /var
Requires
local http = require "http"
local json = require "json"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
description = [[
Connects to a VLC Streamer helper service and lists directory contents. The
VLC Streamer helper service is used by the iOS VLC Streamer application to
enable streaming of multimedia content from the remote server to the device.
]]
---
-- @usage
-- nmap -p 54340 --script http-vlcstreamer-ls <ip>
--
-- @output
-- PORT STATE SERVICE
-- 54340/tcp open unknown
-- | http-vlcstreamer-ls:
-- | /Applications
-- | /Developer
-- | /Library
-- | /Network
-- | /Pictures
-- | /System
-- | /User Guides And Information
-- | /Users
-- | /Volumes
-- | /bin
-- | /bundles
-- | /cores
-- | /dev
-- | /etc
-- | /home
-- | /mach_kernel
-- | /net
-- | /opt
-- | /private
-- | /sbin
-- | /tmp
-- | /usr
-- |_ /var
--
-- @args http-vlcstreamer-ls.dir directory to list (default: /)
--
author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
portrule = shortport.port_or_service(54340, "vlcstreamer", "tcp")
local arg_dir = stdnse.get_script_args(SCRIPT_NAME .. ".dir") or "/"
local function fail(err) return stdnse.format_output(false, err) end
action = function(host, port)
local response = http.get(host, port, ("/secure?command=browse&dir=%s"):format(arg_dir))
if ( response.status ~= 200 or not(response.body) or 0 == #response.body ) then
if ( response.status == 401 ) then
return fail("Server requires authentication")
else
return
end
end
local status, parsed = json.parse(response.body)
if ( not(status) ) then
return fail("Failed to parse response")
end
if ( parsed.errorMessage ) then
return fail(parsed.errorMessage)
end
local output = {}
for _, entry in pairs(parsed.files or {}) do
table.insert(output,entry.path)
end
table.sort(output, function(a,b) return a<b end)
return stdnse.format_output(true, output)
end
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%