From 312fbbfcf1243b5e6a26d514d245e0457aaa4f1e Mon Sep 17 00:00:00 2001
From: dmiller
Date: Fri, 24 Mar 2017 16:20:02 +0000
Subject: [PATCH] Report and record recovered creds in http-vuln-wnr1000-creds
---
 scripts/http-vuln-wnr1000-creds.nse | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/scripts/http-vuln-wnr1000-creds.nse b/scripts/http-vuln-wnr1000-creds.nse
index 525c9ba7b..c196b2df5 100644
--- a/scripts/http-vuln-wnr1000-creds.nse
+++ b/scripts/http-vuln-wnr1000-creds.nse
@@ -3,6 +3,7 @@ local shortport = require "shortport"
 local stdnse = require "stdnse"
 local string = require "string"
 local vulns = require "vulns"
+local creds = require "creds"
 description = [[
 A vulnerability has been discovered in WNR 1000 series that allows an attacker
@@ -85,9 +86,13 @@ action = function(host, port)
 local netgear_username = string.match(escape(payload_session.body), 'Router Admin Username.+align="left">(.+).+Router Admin')
 local netgear_password = string.match(escape(payload_session.body), 'Router Admin Password.+align="left">(.+).+MNUText')
 if (netgear_username ~= nil and netgear_password ~= nil) then
- stdnse.debug1("username : %s", escape(netgear_username))
- stdnse.debug1("password : %s", escape(netgear_password))
- vuln.state = vulns.STATE.VULN
+ vuln.exploit_results = {
+ ("username: %s"):format(netgear_username),
+ ("password: %s"):format(netgear_password),
+ }
+ local c = creds.Credentials:new(SCRIPT_NAME, host, port)
+ c:add(netgear_username, netgear_password, creds.State.VALID)
+ vuln.state = vulns.STATE.VULN
 else
 stdnse.debug1("We haven't been able to get username/password")
 end
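Review bot: In the second hunk, the values passed to `c:add(netgear_username, netgear_password, creds.State.VALID)` and placed in `vuln.exploit_results` come straight from the two greedy `(.+)` captures over `escape(payload_session.body)`, with no trimming or validation. If a capture runs past the table cell, the surrounding markup is now stored as a verified credential and printed in the report, whereas before it only reached debug output. Consider a tighter capture such as `align="left">([^<]+)`, or skipping `c:add` when a value still contains markup. `escape` is defined outside the hunk, so confirm it does not rewrite characters that a real password can contain. Since the plaintext password now appears in normal script output, the script's `@output` documentation (not visible here) should probably say so.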