Nmap Development mailing list archives
[NSE] ASUS RT-N10U addition to http-default-accounts-fingerprints
From: nnposter () users sourceforge net
Date: Mon, 13 Oct 2014 16:59:25 +0000
The following patch adds a fingerprint for ASUS RT-N10U wireless router(*) web UI to http-default-accounts-fingerprints.lua. Tested with firmware version 1.0.1.3.

* http://www.asus.com/Networking/RTN10U/

In addition the patch contains a previously submitted fingerprint(*) for Motorola RF Switch. (The fingerprint did not receive any feedback.)

* http://seclists.org/nmap-dev/2014/q3/420

Cheers,
nnposter

Patch against revision 33720 follows:

--- nselib/data/http-default-accounts-fingerprints.lua.orig 2014-10-11 08:38:48.016343800 +0200 +++ nselib/data/http-default-accounts-fingerprints.lua 2014-10-10 19:28:51.465400300 +0200 @@ -1,3 +1,4 @@ +local bin = require "bin" local http = require "http" local table = require "table" local url = require "url" 
@@ -259,6 +260,55 @@ }) table.insert(fingerprints, { + name = "ASUS RT-N10U", + category = "routers", + paths = { + {path = "/as.asp"} + }, + target_check = function (host, port, path, response) + return http_auth_realm(response) == "RT-N10U" + end, + login_combos = { + {username = "admin", password = "admin"} + }, + login_check = function (host, port, path, user, pass) + return try_http_basic_login(host, port, path, user, pass, false) + end +}) + +table.insert(fingerprints, { + name = "Motorola RF Switch", + category = "routers", + paths = { + {path = "/getfwversion.cgi"} + }, + target_check = function (host, port, path, response) + -- true if the response is HTTP/200 and returns a firmware version + return response.status == 200 + and not response.header["server"] + and response.header["content-type"] == "text/plain" + and response.body + and response.body:find("\n%d+%.%d+%.%d+%.%d+%-%w+\n") + end, + login_combos = { + {username = "admin", password = "superuser"} + }, + login_check = function (host, port, path, user, pass) + local tohex = function (str) + local _, hex = bin.unpack("H" .. #str, str) + return hex:lower() + end + local login = string.format("J20K34NMMT89XPIJ34S login %s %s", tohex(user), tohex(pass)) + local lpath = url.absolute(path, "usmCgi.cgi/?" .. url.escape(login)) + local req = http.get(host, port, lpath, {no_cache=true, redirect_ok = false}) + return req + and req.status == 200 + and req.body + and req.body:match("^login 0 ") + end +}) + +table.insert(fingerprints, { name = "Nortel VPN Router", category = "routers", paths = { _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
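Review bot: in the first hunk (@@ -1,3 +1,4 @@), `local bin = require "bin"` becomes a dependency of the whole fingerprint file, yet its only use in this patch is the `bin.unpack("H" .. #str, str)` call inside the Motorola RF Switch `login_check`. A short comment beside the require naming that consumer would keep it from being dropped as unused, or left behind, if that fingerprint is later reworked.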
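Review bot: in the Motorola RF Switch `login_check` of the second hunk (@@ -259,6 +260,55 @@), the literal `J20K34NMMT89XPIJ34S` that prefixes the login command is unexplained; please add a comment saying what the token is and whether it is constant across devices and firmware versions, since nothing in the patch says where it comes from. In the same fingerprint's `target_check`, `response.header["content-type"] == "text/plain"` is an exact comparison and will miss a response that appends a parameter such as a charset, so a prefix match would be more tolerant. The ASUS RT-N10U entry could also record in a comment that it was tested with firmware version 1.0.1.3, as the message states, so later reports of a different realm string are easier to triage.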