Nmap Development mailing list archives

Re: D-Link firmware backdoor


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 17 Oct 2013 19:31:41 -0400

I committed the script as r32437.
- Patrik



On Wed, Oct 16, 2013 at 7:27 PM, Patrik Karlsson <patrik () cqure net> wrote:

I did see that behaviour as well on the DIR-100 and I've updated the
script accordingly.
The attached version should work against this model as well.

Seems like I may have run into a bug in the http library at the same time.
I added did not want to follow redirect to better detect the 302 returned
from this model.
When doing the second GET request I was surprised to see a request going
out to /public/login.htm even though I was requesting "/".
Turns out the first 302 response was cached and was fetched from the cache
even when changing the user-agent.
Not sure it's a big enough problem mandating a fix as in this case using
no_cache is probably the better solution.

-Patrik



On Wed, Oct 16, 2013 at 9:10 AM, Michael Meyer <michael.meyer () greenbone net> wrote:

*** David Maynor wrote:

These are done against the same IP, only difference is the user agent:
Davids-Mac-mini:dlink_scan dave$ wget -S
--user-agent="xmlset_roodkcableoj28840ybtide" http://xxx.xxx.xxx.xxx

[...]

 Server: Alpha_webserv

[...]

Davids-Mac-mini:dlink_scan dave$ wget -S http://xxx.xxx.xxx.xxx

[...]

 Server: thttpd-alphanetworks/2.23

Yes, I've seen this behaviour. But for example the 'DIR-100' has
'Server: Alpha_webserv' in both cases.

Micha

--
Michael Meyer                            OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
http://www.linkedin.com/in/nevdull77





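The check the thread converges on can be written out in a few lines: request "/" twice from the same device, once with an ordinary User-Agent and once with the string David quoted, without following redirects and without any caching, then compare the status line and the Server header. The script below is an added example for this archive page, not the NSE script Patrik committed as r32437. The real transport uses http.client, which never follows redirects and opens a fresh connection per call. The fake responder, the host 192.0.2.1, the NORMAL_UA value and the assumption that on the DIR-100 it is the ordinary request that gets the 302 to /public/login.htm are all constructed for illustration; the thread only says a 302 to that path is involved and that the Server header is Alpha_webserv in both cases on that model. The cache_by_url wrapper reproduces the pitfall Patrik describes: a cache keyed on the URL alone hands back the first response when only the User-Agent changed, so the comparison sees no difference.

```python
"""Two-request User-Agent comparison for the D-Link web server behaviour
discussed in the thread. Added example, not the committed NSE script."""
import http.client

# User-Agent string quoted in the thread (David Maynor's wget run).
BACKDOOR_UA = "xmlset_roodkcableoj28840ybtide"
# Constructed ordinary User-Agent for the baseline request.
NORMAL_UA = "Mozilla/5.0 (compatible; dlink-check)"


def http_get(host, port, path, user_agent, timeout=5.0):
    """One GET over a fresh connection: no redirect following, no cache.

    http.client does not follow redirects, and a new connection per call
    means a previous response can never be served back from a cache.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": user_agent})
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


def compare_responses(normal, special):
    """Return the differences between two (status, headers) tuples."""
    n_status, n_hdrs = normal
    s_status, s_hdrs = special
    findings = {}
    if n_status != s_status:
        findings["status"] = (n_status, s_status)
    if n_hdrs.get("server") != s_hdrs.get("server"):
        findings["server"] = (n_hdrs.get("server"), s_hdrs.get("server"))
    # Only flag Location when one side redirected and the other did not.
    n_loc, s_loc = n_hdrs.get("location"), s_hdrs.get("location")
    if (n_loc is None) != (s_loc is None):
        findings["location"] = (n_loc, s_loc)
    return findings


def check_device(fetch, host, port=80, path="/"):
    """Fetch "/" with both User-Agents and report any difference.

    fetch has the signature of http_get(); pass http_get for a live device
    or a constructed responder such as fake_fetch() for offline use.
    """
    normal = fetch(host, port, path, NORMAL_UA)
    special = fetch(host, port, path, BACKDOOR_UA)
    findings = compare_responses(normal, special)
    return {"affected": bool(findings), "differences": findings}


def fake_fetch(model):
    """Constructed stand-in for http_get() mimicking the thread's reports.

    "header-model": Server header changes with the User-Agent (David's wget
    output). "DIR-100": same Server header both ways; which request gets the
    302 to /public/login.htm is an assumption. Anything else: unaffected.
    """
    def fetch(host, port, path, user_agent):
        special = user_agent == BACKDOOR_UA
        if model == "header-model":
            server = "Alpha_webserv" if special else "thttpd-alphanetworks/2.23"
            return 200, {"server": server}
        if model == "DIR-100":
            if special:
                return 200, {"server": "Alpha_webserv"}
            return 302, {"server": "Alpha_webserv", "location": "/public/login.htm"}
        return 200, {"server": "thttpd-alphanetworks/2.23"}
    return fetch


def cache_by_url(fetch):
    """Constructed wrapper reproducing the caching pitfall from the thread:
    keyed on the URL only, it returns the first response again even though
    the User-Agent changed, so check_device() sees no difference."""
    cache = {}

    def cached(host, port, path, user_agent):
        key = (host, port, path)
        if key not in cache:
            cache[key] = fetch(host, port, path, user_agent)
        return cache[key]
    return cached


if __name__ == "__main__":
    for model in ("header-model", "DIR-100", "unaffected"):
        print(model, check_device(fake_fetch(model), "192.0.2.1"))
    # Same DIR-100 responder seen through a URL-keyed cache: a false negative.
    print("DIR-100 via cache", check_device(cache_by_url(fake_fetch("DIR-100")), "192.0.2.1"))
```

To run it against a real device on your own network, call check_device(http_get, host) instead of passing the fake responder; the comparison logic is identical in both cases.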