Created
February 9, 2016 22:25
-
-
Save nnposter/ce9f1de8f637eb34d1f3 to your computer and use it in GitHub Desktop.
Adds a signature for RICOH Web Image Monitor to http-default-accounts-fingerprints
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Adds a signature for RICOH Web Image Monitor | |
--- a/nselib/data/http-default-accounts-fingerprints.lua | |
+++ b/nselib/data/http-default-accounts-fingerprints.lua | |
@@ -1,3 +1,4 @@ | |
+local base64 = require "base64" | |
local bin = require "bin" | |
local http = require "http" | |
local table = require "table" | |
@@ -445,6 +446,46 @@ | |
end | |
}) | |
+table.insert(fingerprints, { | |
+ name = "RICOH Web Image Monitor", | |
+ category = "printer", | |
+ paths = { | |
+ {path = "/web/guest/en/websys/webArch/header.cgi"} | |
+ }, | |
+ target_check = function (host, port, path, response) | |
+ return response.header["server"] | |
+ and response.header["server"]:find("^Web%-Server/%d+%.%d+$") | |
+ and response.body | |
+ and response.body:find("RICOH", 1, true) | |
+ end, | |
+ login_combos = { | |
+ {username = "admin", password = ""}, | |
+ {username = "supervisor", password = ""} | |
+ }, | |
+ login_check = function (host, port, path, user, pass) | |
+ -- harvest the login form token | |
+ local req1 = http.get(host, port, url.absolute(path, "authForm.cgi"), {no_cache=true, redirect_ok = false, cookies = "cookieOnOffChecker=on"}) | |
+ if req1.status ~= 200 then return false end | |
+ local token = req1.body and req1.body:match('<input%s+type%s*=%s*"hidden"%s+name%s*=%s*"wimToken"%s+value%s*=%s*"(.-)"') | |
+ if not token then return false end | |
+ -- build the login form and submit it | |
+ local form = {wimToken = token, | |
+ userid_work = "", | |
+ userid = base64.enc(user), | |
+ password_work = "", | |
+ password = base64.enc(pass), | |
+ open = ""} | |
+ local req2 = http.post(host, port, url.absolute(path, "login.cgi"), {no_cache=true, cookies=req1.cookies}, nil, form) | |
+ local loc = req2.header["location"] or "" | |
+ -- successful login is a 302-redirect that sets a session cookie with numerical value | |
+ if not (req2.status == 302 and loc:find("/mainFrame%.cgi$")) then return false end | |
+ for _, ck in ipairs(req2.cookies or {}) do | |
+ if ck.name:lower() == "wimsesid" then return ck.value:find("^%d+$") end | |
+ end | |
+ return false | |
+ end | |
+}) | |
+ | |
--- | |
--Remote consoles | |
--- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment