[Plugins-writers] False negative for linksys_ap_default_password?

Previous message: c.houle@private: "RE: [Plugins-writers] Interested in writing F-Secure Antivirus plugin"
Next in thread: Renaud Deraison: "Re: [Plugins-writers] False negative for linksys_ap_default_password?"
Reply: Renaud Deraison: "Re: [Plugins-writers] False negative for linksys_ap_default_password?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

erik@private

Greetings,

Using this plugin against a linksys router with the default password
set does not successfully identify the hole.  Attached is a patch that
I *think* would handle it better.  Here is the raw output:

With the default password set on the router:

    # telnet 192.168.1.1 80
    Trying 192.168.1.1...
    Connected to 192.168.1.1.
    Escape character is '^]'.
    GET / HTTP/1.0
    Authorization: Basic OmFkbWlu

    HTTP/1.0 200 OK
    Pragma: no-cache
    Content-Type: text/html

    <html>
    <head>
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <title>Starting Gateway Router</title>
    </head>
    <body onload="window.location.replace('index.htm');">
    </body>
    </html>
    Connection closed by foreign host.

Without the default password set on the router:

    # telnet 192.168.1.1 80
    Trying 192.168.1.1...
    Connected to 192.168.1.1.
    Escape character is '^]'.
    GET / HTTP/1.0
    Authorization: Basic OmFkbWlu

    HTTP/1.0 401 Unauthorized
    Content-Type: text/html
    WWW-Authenticate: Basic realm="Network Everywhere Wireless Router"

    <title>401 Unauthorized</title><body><h1>401
    Unauthorized</h1></body>Connection closed by foreign host.

Best regards,
Erik Stephens                                           www.edgeos.com
                             Managed Vulnerability Assessment Services