
@nnposter
Created February 9, 2016 22:25
Adds a signature for RICOH Web Image Monitor to http-default-accounts-fingerprints
* Adds a signature for RICOH Web Image Monitor
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -1,3 +1,4 @@
+local base64 = require "base64"
local bin = require "bin"
local http = require "http"
local table = require "table"
@@ -445,6 +446,46 @@
end
})
+table.insert(fingerprints, {
+ name = "RICOH Web Image Monitor",
+ category = "printer",
+ paths = {
+ {path = "/web/guest/en/websys/webArch/header.cgi"}
+ },
+ target_check = function (host, port, path, response)
+ return response.header["server"]
+ and response.header["server"]:find("^Web%-Server/%d+%.%d+$")
+ and response.body
+ and response.body:find("RICOH", 1, true)
+ end,
+ login_combos = {
+ {username = "admin", password = ""},
+ {username = "supervisor", password = ""}
+ },
+ login_check = function (host, port, path, user, pass)
+ -- harvest the login form token
+ local req1 = http.get(host, port, url.absolute(path, "authForm.cgi"), {no_cache=true, redirect_ok = false, cookies = "cookieOnOffChecker=on"})
+ if req1.status ~= 200 then return false end
+ local token = req1.body and req1.body:match('<input%s+type%s*=%s*"hidden"%s+name%s*=%s*"wimToken"%s+value%s*=%s*"(.-)"')
+ if not token then return false end
+ -- build the login form and submit it
+ local form = {wimToken = token,
+ userid_work = "",
+ userid = base64.enc(user),
+ password_work = "",
+ password = base64.enc(pass),
+ open = ""}
+ local req2 = http.post(host, port, url.absolute(path, "login.cgi"), {no_cache=true, cookies=req1.cookies}, nil, form)
+ local loc = req2.header["location"] or ""
+ -- successful login is a 302-redirect that sets a session cookie with numerical value
+ if not (req2.status == 302 and loc:find("/mainFrame%.cgi$")) then return false end
+ for _, ck in ipairs(req2.cookies or {}) do
+ if ck.name:lower() == "wimsesid" then return ck.value:find("^%d+$") end
+ end
+ return false
+ end
+})
+
---
--Remote consoles
---
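Review bot: `login_check` calls `url.absolute(...)` twice, but the first hunk only adds `local base64 = require "base64"` and no `url` require is visible among its context lines (`bin`, `http`, `table`); if the file does not already have one further down, add `local url = require "url"` with the others, otherwise the fingerprint fails at runtime on a nil global. Separately, `target_check` and the cookie branch of `login_check` return the raw result of `find` (indices or nil) rather than a boolean, so `return ck.value:find("^%d+$") ~= nil` would make the contract explicit and keep it consistent with the `return false` paths. A short comment above the form would also help readers, for example `-- the form expects base64-encoded userid/password; this is wire encoding, not protection`.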