Nmap Development mailing list archives
[NSE] Lantronix SLC addition to http-default-accounts-fingerprints
From: nnposter () users sourceforge net
Date: Fri, 5 Sep 2014 23:06:25 +0000
The following patch adds a fingerprint for Motorola RF Switch(*) web UI to http-default-accounts-fingerprints.lua. Tested on WS5100 and RFS6000 with firmware versions 3.3.2, 4.3.1, and 4.4.1.

* http://www.motorolasolutions.com/XP-EN/Business+Product+and+Services/Wireless+Broadband+Networks/Wireless+LAN/Wireless+Switches

PORT    STATE SERVICE
443/tcp open  https
|_http-default-accounts: [Motorola RF Switch] credentials found -> admin:superuser Path:/getfwversion.cgi

Cheers,
nnposter

Patch against revision 33654 follows:

--- nselib/data/http-default-accounts-fingerprints.lua.orig 2014-08-22 18:38:56.992998300 -0600 +++ nselib/data/http-default-accounts-fingerprints.lua 2014-09-05 16:50:54.072641400 -0600 @@ -1,3 +1,4 @@ +local bin = require "bin" local http = require "http" local table = require "table" local url = require "url" 
@@ -259,6 +260,38 @@ }) table.insert(fingerprints, { + name = "Motorola RF Switch", + category = "routers", + paths = { + {path = "/getfwversion.cgi"} + }, + target_check = function (host, port, path, response) + -- true if the response is HTTP/200 and returns a firmware version + return response.status == 200 + and not response.header["server"] + and response.header["content-type"] == "text/plain" + and response.body + and response.body:find("\n%d+%.%d+%.%d+%.%d+%-%w+\n") + end, + login_combos = { + {username = "admin", password = "superuser"} + }, + login_check = function (host, port, path, user, pass) + local tohex = function (str) + local _, hex = bin.unpack("H" .. str:len(), str) + return hex:lower() + end + local login = string.format("J20K34NMMT89XPIJ34S login %s %s", tohex(user), tohex(pass)) + local lpath = url.absolute(path, "usmCgi.cgi/?" .. url.escape(login)) + local req = http.get(host, port, lpath, {no_cache=true, redirect_ok = false}) + return req + and req.status == 200 + and req.body + and req.body:match("^login 0 ") + end +}) + +table.insert(fingerprints, { name = "Nortel VPN Router", category = "routers", paths = { _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
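Review bot: the new module-level require of "bin" in the first hunk (@@ -1,3 +1,4 @@) is used only by the tohex helper inside the Motorola RF Switch login_check, through a single bin.unpack("H" .. str:len(), str) call. If hex encoding can come from a library the file shares with other fingerprints, for example stdnse.tohex, using it would drop both the extra dependency and the local helper; otherwise a short comment next to the require saying which fingerprint needs it would help later cleanup.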
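Review bot: in login_check of the Motorola RF Switch fingerprint (hunk @@ -259,6 +260,38 @@), the literal J20K34NMMT89XPIJ34S at the start of the login string has no comment saying what it is: a fixed protocol token, a session identifier, or a value captured from one device. A one-line comment stating its origin and whether it is constant across the tested firmware versions (3.3.2, 4.3.1, 4.4.1) would let a maintainer judge the check later. In target_check of the same hunk, response.header["content-type"] == "text/plain" is an exact comparison, so a response that appends a charset parameter would be skipped; a prefix match would be more tolerant if such responses exist.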