Nmap Development mailing list archives

Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS


From: Shinnok <admin () shinnok com>
Date: Sat, 23 Jul 2011 12:02:11 +0300

Hi nmap-dev,

I thought I should give you an update about the state of this script.
Right now we support the following services in http-default-accounts:

- Cacti
- Apache Tomcat
- Apache Axis2
- Cisco 2811 routers
- Arris 2307 routers

Unfortunately I have limited access to devices that are usually left
with default credentials so I'm asking for fingerprints to nmap-dev. If
you have access to a device commonly found with default credentials and
you would like to contribute, send my way the http request logs of the
login process (Even Firefox's Tamper data logs are fine). Note that
login functions are usually simple and the final fingerprint looks like:

table.insert(fingerprints, {
  name = "Apache Tomcat",
  category = "web",
  paths = {
    {path = "/manager/html/"},
    {path = "/tomcat/manager/html/"}
  },
  login_combos = {
    {username = "tomcat", password = "tomcat"},
    {username = "admin", password = "admin"}
  },
  login_check = function (host, port, path, user, pass)
    return try_http_basic_login(host, port, path, user, pass)
  end
})

My wishlist:
- Citrix Access Gateway
- Other Cisco devices
- Web administration consoles
- Any other common router.

Thank you!



Hey Paulino,

You should probably check the emulators for d-link routers available on
d-link's website. They give you access to the interface of d-link routers
as well as their login process.

Examples:
http://support.dlink.com/emulators/dir825/113NA/Login.html
http://support.dlink.com/emulators/di624s/
http://support.dlink.com/EMULATORS/DI524/

They should provide you insight into urls and for some the http post
login process. However, I don't own a d-link router and thus I can't
attest to their exact fidelity as presented on the website's sandbox,
so, if someone reading this e-mail owns a d-link router, can you please
find the emulator for it on the website and check that the urls and the
login process match the ones on the actual device?

You can find a list of all emulators available here:
http://www.dlink.com/support/faq/?prod_id=1457

The default username and password for D-Link DI (http auth) and WBR (http
post) series are "admin" and blank password.
http://www.dlink.com/support/faq/

More default router logins:
http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
http://cirt.net/passwords
http://defaultpasswords.in/
http://portforward.com/default_username_password/
http://www.virus.org/default-password/
http://www.3ice.hu/tool/dpl/DefaultRouterPasswordList.html
http://urbanwireless.info/default-router-passwords

Set top boxes logins:
http://www.receiverpasswords.com/

Regards,
Shinnok
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
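
Added example, not part of the original message and not the script's own code: a plain-Lua sketch of how a fingerprint in the format quoted above can be run, with a Basic-auth check that first confirms the path answers 401 without credentials so an unprotected page is not reported as a default-account hit. The names basic_login_ok, check_fingerprint and fake_fetch are hypothetical, the transport is injected as a fetch function instead of the (host, port, ...) arguments used in the thread, and the server responses are constructed.

```lua
-- Added example: plain Lua, no Nmap libraries required.
-- `fetch` is a hypothetical transport: fetch(path, user, pass) -> HTTP status
-- code; user and pass are nil for an unauthenticated request.

-- Decide whether a Basic-auth login really succeeded.
local function basic_login_ok(fetch, path, user, pass)
  -- Baseline: without credentials the path must answer 401. Otherwise the
  -- page is not protected by Basic auth and any credentials would "work".
  if fetch(path, nil, nil) ~= 401 then return false end
  local status = fetch(path, user, pass)
  -- Count only 2xx/3xx as a login; 401/403/404/5xx are not a success.
  return status >= 200 and status < 400
end

-- Run one fingerprint: every path against every login combo.
local function check_fingerprint(fp, fetch)
  local hits = {}
  for _, p in ipairs(fp.paths) do
    for _, combo in ipairs(fp.login_combos) do
      if fp.login_check(fetch, p.path, combo.username, combo.password) then
        hits[#hits + 1] = string.format("%s %s:%s", p.path, combo.username, combo.password)
      end
    end
  end
  return hits
end

-- Constructed fake server: /manager/html/ is protected and still accepts
-- tomcat:tomcat; every other path does not exist.
local function fake_fetch(path, user, pass)
  if path ~= "/manager/html/" then return 404 end
  if user == "tomcat" and pass == "tomcat" then return 200 end
  return 401
end

-- Same shape as the fingerprint in the thread; login_check takes the injected
-- transport here (an assumption made so the example runs offline).
local tomcat = {
  name = "Apache Tomcat",
  category = "web",
  paths = { {path = "/manager/html/"}, {path = "/tomcat/manager/html/"} },
  login_combos = { {username = "tomcat", password = "tomcat"}, {username = "admin", password = "admin"} },
  login_check = basic_login_ok
}

for _, hit in ipairs(check_fingerprint(tomcat, fake_fetch)) do
  print(tomcat.name .. ": default credentials accepted at " .. hit)
end
```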
