cfischer@distal:~/openvas-scm/nvts/scripts$ svn diff 2017/gb_pfsense_default_ssh

1. cfischer@distal:~/openvas-scm/nvts/scripts$ svn diff 2017/gb_pfsense_default_ssh_credentials.nasl
2. Index: 2017/gb_pfsense_default_ssh_credentials.nasl
3. ===================================================================
4. --- 2017/gb_pfsense_default_ssh_credentials.nasl (revision 7794)
5. +++ 2017/gb_pfsense_default_ssh_credentials.nasl (working copy)
6. @@ -71,8 +71,7 @@
7. login = ssh_login( socket:soc, login:username, password:password, pub:NULL, priv:NULL, passphrase:NULL );
8.  
9. if( login == 0 ) {
10. - rcv = ssh_cmd( socket:soc, cmd:'8', nosh:TRUE, pty:TRUE );
11. - sh = ssh_cmd( socket:soc, cmd:'cat /etc/passwd' );
12. + rcv = ssh_cmd( socket:soc, cmd:'8\n && cat /etc/passwd', nosh:TRUE, pty:TRUE );
13.  
14. if ('Welcome to pfSense' >< rcv && username >< rcv) {
15. vuln = TRUE;
16. @@ -79,10 +78,9 @@
17. report += '\nuser: "' + username + '", password: "' + password + '"';
18. }
19.  
20. - if (sh =~ 'root:.*:0:[01]:') {
21. - report += '\n\nIt was also possible to execute "cat /etc/passwd" as "' + username + '". Result:\n\n' + sh;
22. + if (passwd = egrep( pattern:'root:.*:0:[01]:', string:rcv)) {
23. + report += '\n\nIt was also possible to execute "cat /etc/passwd" as "' + username + '". Result:\n\n' + passwd;
24. }
25. -
26. close( soc );
27. }
28. }