2024-05-15 06:15:00 +00:00
|
|
|
id: checkpoint-firewall-enum
|
|
|
|
|
|
|
|
info:
|
2024-05-15 06:19:15 +00:00
|
|
|
name: Check Point Firewall - Detect
|
2024-05-15 06:15:00 +00:00
|
|
|
author: pussycat0x
|
|
|
|
severity: info
|
|
|
|
reference:
|
|
|
|
- https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/checkpoint_hostname.rb
|
|
|
|
metadata:
|
|
|
|
verfied: true
|
2024-06-07 10:04:29 +00:00
|
|
|
shodan-query: "product:\"Check Point Firewall\""
|
|
|
|
max-request: 1
|
2024-05-15 06:15:00 +00:00
|
|
|
tags: js,network,firewall,checkpoint,enum
|
|
|
|
|
|
|
|
javascript:
|
2024-07-10 12:08:01 +00:00
|
|
|
- pre-condition: |
|
|
|
|
isPortOpen(Host,Port);
|
|
|
|
code: |
|
2024-05-15 06:15:00 +00:00
|
|
|
let packet = bytes.NewBuffer();
|
|
|
|
let prob = "\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00"
|
|
|
|
data = packet.Write(prob)
|
|
|
|
const c = require("nuclei/net");
|
|
|
|
let conn = c.Open('tcp', `${Host}:${Port}`);
|
|
|
|
conn.Send(data);
|
|
|
|
let resp = conn.RecvFullString();
|
|
|
|
let regex = /CN=(.+),O=(.+?)\./i;
|
|
|
|
let match = resp.match(regex);
|
|
|
|
let fw_hostname = match[1];
|
|
|
|
let sc_hostname = match[2];
|
|
|
|
let result = (`Firewall Host: ${fw_hostname}, SmartCenter Host: ${sc_hostname}`);
|
|
|
|
result
|
|
|
|
|
|
|
|
args:
|
|
|
|
Host: "{{Host}}"
|
|
|
|
Port: 264
|
|
|
|
|
|
|
|
extractors:
|
|
|
|
- type: dsl
|
|
|
|
dsl:
|
|
|
|
- response
|
2024-07-10 12:45:27 +00:00
|
|
|
# digest: 4a0a0047304502207c2179f51fcc485b5f371005520838e896215c9db07f17b3cdd5629b6e23a75302210095ebdb685ac691e1908148cb7986319255d466649ed49c9617a233faef337fc7:922c64590222798bb761d5b6d8e72950
|