File: nortel_pwdless2.nasl

#
# This script was written by Victor Kirhenshtein <sauros@iname.com>
# Based on cisco_675.nasl by Renaud Deraison <deraison@cvs.nessus.org>
#
# See the Nessus Scripts License for details
#

# Registration block: runs only when the scanner loads the plugin to read its
# metadata. The closing exit(0) keeps the probe further down from executing
# in that mode.
if (description)
{
   script_id(10529);
   script_version("$Revision: 1.8 $");

   script_name(english:"Nortel Networks  passwordless router (user level)");

   # Report text attached to a finding. It carries the "Solution" and
   # "Risk factor" lines verbatim, so it is kept exactly as written.
   script_description(english:"
The remote Nortel Networks (former Bay Networks) router has
no password for user account. 

An attacker could telnet to the router and reconfigure it to lock 
you out of it, and to prevent you to use your internet 
connection.

Solution : telnet to this router and set a password
immediately.

Risk factor : Medium");

   script_summary(english:"Logs into the remote Nortel Networks (Bay Networks) router");

   # NOTE(review): filed as ACT_GATHER_INFO although the probe below submits
   # a login name to the device - confirm this category matches scan policy.
   script_category(ACT_GATHER_INFO);

   script_copyright(english:"This script is Copyright (C) 2000 Victor Kirhenshtein");
   script_family(english:"Misc.", francais:"Divers");

   # Only TCP/23 is declared, matching the fixed port used by the probe.
   script_require_ports(23);

   exit(0);
}

#
# The script code starts here
#
include('telnet_func.inc');

# The check is bound to the default telnet port; a telnet service moved to
# another port is not examined by this plugin.
port = 23;
if (!get_port_state(port)) exit(0);

# Cheap pre-filter: only continue when the telnet banner identifies a
# Bay Networks device.
banner = get_telnet_banner(port:port);
if (!banner || "Bay Networks" >!< banner) exit(0);

soc = open_sock_tcp(port);
if (!soc) exit(0);

# Complete telnet option negotiation and capture the greeting, then require
# both the vendor string and a login prompt before sending anything.
greeting = telnet_negotiate(socket:soc);
if ("Bay Networks" >< greeting && "Login:" >< greeting)
{
   # Submit the account name "User" and read one reply of up to 1024 bytes.
   send(socket:soc, data:string("User\r\n"));
   reply = recv(socket:soc, length:1024);

   # A "$" anywhere in the reply is taken as a shell prompt, i.e. the login
   # succeeded without a password.
   # NOTE(review): this is a substring heuristic - a reply that merely
   # contains "$" would also be reported, and a prompt arriving after the
   # first read would be missed. Verify findings manually.
   if ("$" >< reply) security_warning(port);
}

close(soc);