Nmap Development mailing list archives
Re: D-Link firmware backdoor
From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 16 Oct 2013 19:27:18 -0400
I did see that behaviour as well on the DIR-100 and I've updated the script accordingly. The attached version should work against this model as well.

Seems like I may have run into a bug in the http library at the same time. I added did not want to follow redirect to better detect the 302 returned from this model. When doing the second GET request I was surprised to see a request going out to /public/login.htm even though I was requesting "/". Turns out the first 302 response was cached and is fetched from the cache even when changing the user-agent. Not sure it's a big enough problem mandating a fix as in this case using no_cache is probably the better solution.

-Patrik

On Wed, Oct 16, 2013 at 9:10 AM, Michael Meyer <michael.meyer () greenbone net> wrote:
*** David Maynor wrote:

These are done against the same IP, only difference is the user agent:

Davids-Mac-mini:dlink_scan dave$ wget -S --user-agent="xmlset_roodkcableoj28840ybtide" http://xxx.xxx.xxx.xxx
[...]
Server: Alpha_webserv
[...]
Davids-Mac-mini:dlink_scan dave$ wget -S http://xxx.xxx.xxx.xxx
[...]
Server: thttpd-alphanetworks/2.23

Yes, I've seen this behaviour. But for example the 'DIR-100' has 'Server: Alpha_webserv' in both cases.

Micha

--
Michael Meyer OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Managing Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
-- Patrik Karlsson http://www.cqure.net http://twitter.com/nevdull77 http://www.linkedin.com/in/nevdull77
Attachment:
http-dlink-backdoor.nse
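
Added example, not part of the thread and not code from http-dlink-backdoor.nse: an offline Python model of the two pitfalls discussed above, namely that the Server header is identical on the DIR-100 and that a cache keyed on path alone replays the first 302 for the second request. The device responses, the Client class and the function names are constructed assumptions; only the user-agent string, the Server value and /public/login.htm come from the messages.

```python
# Constructed model, no network I/O. The user-agent string is the one quoted in the thread.
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"
NORMAL_UA = "Mozilla/5.0 (constructed)"

def dir100_like(path, user_agent):
    """Assumed DIR-100-style behaviour: same Server header, different status."""
    if user_agent == BACKDOOR_UA:
        return {"status": 200, "server": "Alpha_webserv", "location": None}
    return {"status": 302, "server": "Alpha_webserv", "location": "/public/login.htm"}

def unaffected(path, user_agent):
    """Assumed unaffected device: every client is sent to the login page."""
    return {"status": 302, "server": "Alpha_webserv", "location": "/public/login.htm"}

class Client:
    """Hypothetical HTTP client that never follows redirects and caches by path only."""
    def __init__(self, device):
        self.device = device
        self.cache = {}

    def get(self, path, user_agent, no_cache=False):
        if not no_cache and path in self.cache:
            return self.cache[path]      # stale hit: the User-Agent is not part of the key
        resp = self.device(path, user_agent)
        if not no_cache:
            self.cache[path] = resp
        return resp

def server_header_differs(client):
    """Server-header comparison; blind on models that answer identically to both agents."""
    a = client.get("/", NORMAL_UA, no_cache=True)
    b = client.get("/", BACKDOOR_UA, no_cache=True)
    return a["server"] != b["server"]

def ua_changes_response(client, no_cache):
    """True when '/' redirects to login normally but returns 200 for the special agent."""
    baseline = client.get("/", NORMAL_UA, no_cache=no_cache)
    probe = client.get("/", BACKDOOR_UA, no_cache=no_cache)
    return baseline["status"] == 302 and probe["status"] == 200

if __name__ == "__main__":
    print("server header differs:", server_header_differs(Client(dir100_like)))
    print("with cache:           ", ua_changes_response(Client(dir100_like), no_cache=False))
    print("with no_cache:        ", ua_changes_response(Client(dir100_like), no_cache=True))
    print("unaffected device:    ", ua_changes_response(Client(unaffected), no_cache=True))
```

With the cache enabled the second request is answered from the stored 302, so the check reports no difference on a device that does respond differently; bypassing the cache for both requests removes that false negative.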