API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Nov 14th, 2016
92
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.03 KB | None | 0 0
raw download clone embed print report
  1. ###############################################################################
  2. # OpenVAS Vulnerability Test
  3. # $Id$
  4. #
  5. # Default password `bakergiga` for root account
  6. #
  7. # Authors:
  8. # Michael Meyer <michael.meyer@greenbone.net>
  9. #
  10. # Copyright:
  11. # Copyright (c) 2016 Greenbone Networks GmbH
  12. #
  13. # This program is free software; you can redistribute it and/or
  14. # modify it under the terms of the GNU General Public License
  15. # as published by the Free Software Foundation; either version 2
  16. # of the License, or (at your option) any later version.
  17. #
  18. # This program is distributed in the hope that it will be useful,
  19. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. # GNU General Public License for more details.
  22. #
  23. # You should have received a copy of the GNU General Public License
  24. # along with this program; if not, write to the Free Software
  25. # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  26. ###############################################################################
  27.  
  28. if (description)
  29. {
  30. script_oid("1.3.6.1.4.1.25623.1.0.140055");
  31. script_version("$Revision$");
  32. script_tag(name:"cvss_base", value:"10.0");
  33. script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  34. script_name("Default password `bakergiga` for root account");
  35. script_tag(name:"last_modification", value:"$Date$");
  36. script_tag(name:"creation_date", value:"Default password `bakergiga` for root account");
  37. script_category(ACT_ATTACK);
  38. script_family("Default Accounts");
  39. script_copyright("This script is Copyright (C) 2016 Greenbone Networks GmbH");
  40. script_require_ports("Services/ssh", 22);
  41.  
  42. script_tag(name: "summary" , value: 'The remote device is prone to a default account authentication bypass vulnerability.');
  43.  
  44. script_tag(name: "impact" , value:'This issue may be exploited by a remote attacker to gain access to sensitive information or modify system configuration.');
  45.  
  46. script_tag(name: "vuldetect" , value: 'Try to login as root with password `bakergiga`.');
  47. script_tag(name: "solution" , value: 'Updates are available');
  48. script_tag(name:"solution_type", value:"VendorFix");
  49. script_dependencies("ssh_detect.nasl");
  50. script_tag(name:"qod_type", value:"exploit");
  51. exit(0);
  52. }
  53.  
  54. include("ssh_func.inc");
  55.  
  56. port = get_kb_item( "Services/ssh" );
  57. if( ! port ) port = 22;
  58.  
  59. if( ! get_port_state( port ) ) exit( 0 );
  60.  
  61. if( ! soc = open_sock_tcp( port ) ) exit( 0 );
  62.  
  63. user = 'root';
  64. pass = 'bakergiga';
  65.  
  66. login = ssh_login( socket:soc, login:user, password:pass, pub:NULL, priv:NULL, passphrase:NULL );
  67.  
  68. if(login == 0)
  69. {
  70. cmd = ssh_cmd( socket:soc, cmd:'version', pty:TRUE, nosh:TRUE, pattern:'Current Image Version' );
  71.  
  72. close( soc );
  73.  
  74. if( "Current Image Version" >< cmd )
  75. {
  76. report = 'It was possible to login as user `root` with password `bakergiga` and to execute the `version` command. Result:\n\n' + cmd;
  77. security_message( port:port, data:report );
  78. exit( 0 );
  79. }
  80. }
  81.  
  82. if( soc ) close( soc );
  83. exit( 0 );
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!