API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 27th, 2016
138
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.04 KB | None | 0 0
raw download clone embed print report
  1. ##############################################################################
  2. # OpenVAS Vulnerability Test
  3. # $Id$
  4. #
  5. # NETGEAR WNR2000v5 - Remote Code Execution Vulnerability
  6. #
  7. # Authors:
  8. # Tameem Eissa <tameem.eissa@greenbone.net>
  9. #
  10. # Copyright:
  11. # Copyright (c) 2016 Greenbone Networks GmbH
  12. #
  13. # This program is free software; you can redistribute it and/or
  14. # modify it under the terms of the GNU General Public License
  15. # as published by the Free Software Foundation; either version 2
  16. # of the License, or (at your option) any later version.
  17. #
  18. # This program is distributed in the hope that it will be useful,
  19. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  20. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  21. # GNU General Public License for more details.
  22. #
  23. # You should have received a copy of the GNU General Public License
  24. # along with this program; if not, write to the Free Software
  25. # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  26. ###############################################################################
  27.  
  28. if (description)
  29. {
  30. script_oid("1.3.6.1.4.1.25623.1.0.107114");
  31. script_version ("$Revision$");
  32. script_tag(name:"cvss_base", value:"6.0");
  33. script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
  34. script_tag(name: "impact" , value:" .");
  35. script_tag(name: "vuldetect" , value:"Try to login with default credentials admin:password");
  36. script_tag(name: "solution" , value:"Change the username and password");
  37. script_tag(name: "summary" , value:"The installation has default credentials set.");
  38. script_tag(name:"solution_type", value: "Workaround");
  39.  
  40. script_tag(name:"qod_type", value:"remote_active");
  41.  
  42. script_tag(name:"last_modification", value:"$Date$");
  43. script_tag(name:"creation_date", value:"2016-12-27 13:00:00 +0100 (Tue, 27 Dec 2016)");
  44. script_xref(name : "URL" , value : "https://www.exploit-db.com/exploits/40949/");
  45. script_category(ACT_ATTACK);
  46. script_family("Web application abuses");
  47. script_copyright("This script is Copyright (C) 2016 Greenbone Networks GmbH");
  48. script_dependencies("find_service.nasl", "http_version.nasl");
  49. script_require_ports("Services/www", 8080, 80);
  50. script_exclude_keys("Settings/disable_cgi_scanning");
  51. exit(0);
  52. }
  53.  
  54. include("http_func.inc");
  55. include("host_details.inc");
  56.  
  57. ## Get HTTP Port
  58. netport = get_http_port(default:80);
  59. username = "admin";
  60. password = "password";
  61.  
  62. banner = get_http_banner(port:netport);
  63.  
  64. if('Basic realm="NETGEAR' >!< banner){
  65. exit(0);
  66. }
  67.  
  68. credentials = base64(str: username + ":" + password);
  69. req = 'GET / HTTP/1.1\r\n' +
  70. 'Host: ' + get_host_name() + '\r\n' +
  71. 'Authorization: Basic ' + credentials + '\r\n' +
  72. '\r\n';
  73.  
  74. res = http_send_recv( port:netport, data:req, bodyonly:FALSE );
  75.  
  76. if ( res =~ "HTTP/1\.. 200" && 'Server: uhttpd/1.0.0' >< res )
  77. {
  78. report = "It was possible to login into NETGEAR WNR2000v5 using username `admin` and password `password` ";
  79. security_message ( port: http_port, data: report);
  80. exit(0);
  81. }
  82.  
  83. exit( 0 );
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!