Nmap Development mailing list archives
Re: [NSE] ASUS RT-N10U addition to http-default-accounts-fingerprints
From: Paulino Calderon <paulino () calderonpale com>
Date: Fri, 17 Oct 2014 23:10:23 -0500
Hey, I’ve included the new signatures in r33736. Thanks for submitting them and sorry for the late response!

Cheers.

On Oct 13, 2014, at 11:59 AM, nnposter () users sourceforge net wrote:
The following patch adds a fingerprint for ASUS RT-N10U wireless router(*) web UI to http-default-accounts-fingerprints.lua. Tested with firmware version 1.0.1.3.

* http://www.asus.com/Networking/RTN10U/

In addition the patch contains a previously submitted fingerprint(*) for Motorola RF Switch. (The fingerprint did not receive any feedback.)

* http://seclists.org/nmap-dev/2014/q3/420

Cheers,
nnposter

Patch against revision 33720 follows:

--- nselib/data/http-default-accounts-fingerprints.lua.orig 2014-10-11 08:38:48.016343800 +0200 +++ nselib/data/http-default-accounts-fingerprints.lua 2014-10-10 19:28:51.465400300 +0200 @@ -1,3 +1,4 @@ +local bin = require "bin" local http = require "http" local table = require "table" local url = require "url" 
@@ -259,6 +260,55 @@ }) table.insert(fingerprints, { + name = "ASUS RT-N10U", + category = "routers", + paths = { + {path = "/as.asp"} + }, + target_check = function (host, port, path, response) + return http_auth_realm(response) == "RT-N10U" + end, + login_combos = { + {username = "admin", password = "admin"} + }, + login_check = function (host, port, path, user, pass) + return try_http_basic_login(host, port, path, user, pass, false) + end +}) + +table.insert(fingerprints, { + name = "Motorola RF Switch", + category = "routers", + paths = { + {path = "/getfwversion.cgi"} + }, + target_check = function (host, port, path, response) + -- true if the response is HTTP/200 and returns a firmware version + return response.status == 200 + and not response.header["server"] + and response.header["content-type"] == "text/plain" + and response.body + and response.body:find("\n%d+%.%d+%.%d+%.%d+%-%w+\n") + end, + login_combos = { + {username = "admin", password = "superuser"} + }, + login_check = function (host, port, path, user, pass) + local tohex = function (str) + local _, hex = bin.unpack("H" .. #str, str) + return hex:lower() + end + local login = string.format("J20K34NMMT89XPIJ34S login %s %s", tohex(user), tohex(pass)) + local lpath = url.absolute(path, "usmCgi.cgi/?" .. url.escape(login)) + local req = http.get(host, port, lpath, {no_cache=true, redirect_ok = false}) + return req + and req.status == 200 + and req.body + and req.body:match("^login 0 ") + end +}) + +table.insert(fingerprints, { name = "Nortel VPN Router", category = "routers", paths = { _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
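Review bot: in the first hunk (@@ -1,3 +1,4 @@), the new file-level require of "bin" has only one caller in this patch, the tohex closure inside the Motorola RF Switch login_check, where it is used as bin.unpack("H" .. #str, str). Consider defining tohex once as a file-level local helper next to the require, so the reason for the dependency is visible at the top of the file and the closure is not rebuilt on every login attempt.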
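Review bot: in the second hunk (@@ -259,6 +260,55 @@), the Motorola RF Switch login_check uses the literal "J20K34NMMT89XPIJ34S" prefix and the "^login 0 " success pattern without explanation, so a later maintainer cannot tell what the device expects or which response means an accepted login; a one-line comment on each, like the one already present in target_check, would help. In the same fingerprint's target_check, response.header["content-type"] == "text/plain" is an exact comparison and will miss a response that appends a parameter such as a charset, so a prefix match may be more robust. The ASUS RT-N10U target_check depends only on the auth realm equalling "RT-N10U"; a short comment recording that it was tested with firmware 1.0.1.3, as the message states, would document the scope of testing.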