Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##############################################################################
- # OpenVAS Vulnerability Test
- # $Id: gb_loxone_default_login.nasl 4015 2016-09-09 05:53:53Z teissa $
- #
- # NETGEAR WNR2000v5 - Remote Code Execution Vulnerability
- #
- # Authors:
- # Tameem Eissa <tameem.eissa@greenbone.net>
- #
- # Copyright:
- # Copyright (c) 2016 Greenbone Networks GmbH
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; either version 2
- # of the License, or (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- ###############################################################################
- CPE = 'cpe:/a:loxone:loxone';
- if (description)
- {
- script_oid("1.3.6.1.4.1.25623.1.0.107045");
- script_version ("$Revision$");
- script_tag(name:"cvss_base", value:"7.5");
- script_tag(name:"cvss_base", value:"6.0");
- script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:P/I:P/A:P");
- script_tag(name: "impact" , value:" .");
- script_tag(name: "vuldetect" , value:"Try to login with default credentials admin:password");
- script_tag(name: "solution" , value:"Change the username and password");
- script_tag(name: "summary" , value:"The installation has default credentials set.");
- script_tag(name:"solution_type", value: "Workaround");
- script_tag(name:"qod_type", value:"remote_active");
- script_tag(name:"last_modification", value:"$Date: 2016-09-09 07:53:53 +0200 (Fri, 09 Sep 2016) $");
- script_tag(name:"creation_date", value:"2016-12-27 13:00:00 +0100 (Thu, 27 Dec 2016)");
- script_xref(name : "URL" , value : "https://www.exploit-db.com/exploits/40949/");
- script_category(ACT_ATTACK);
- script_family("Web application abuses");
- script_copyright("This script is Copyright (C) 2016 Greenbone Networks GmbH");
- script_dependencies("find_service.nasl", "http_version.nasl");
- script_require_ports("Services/www", 8080, 80);
- script_exclude_keys("Settings/disable_cgi_scanning");
- exit(0);
- }
- include("http_func.inc");
- include("http_keepalive.inc");
- include("host_details.inc");
- include("misc_func.inc");
- ## Get HTTP Port
- netport = get_http_port(default:80);
- display("hello\n");
- username = "admin";
- password = "password";
- banner = get_http_banner(port:netport);
- if('Basic realm="NETGEAR' >!< banner){
- exit(0);
- }
- credentials = base64(str: username + ":" + password);
- req = 'GET / HTTP/1.1\r\n' +
- 'Host: ' + get_host_name() + '\r\n' +
- 'Authorization: Basic ' + credentials + '\r\n' +
- '\r\n';
- res = http_send_recv( port:netport, data:req, bodyonly:FALSE );
- if ( res =~ "HTTP/1\.. 200" && 'Server: uhttpd/1.0.0' >< res )
- {
- report = "It was possible to login into Loxone web interface using username `admin` and password `password` ";
- security_message ( port: http_port, data: report);
- exit(0);
- }
- exit( 0 );
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
