Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

File http-dlink-backdoor

Script types: portrule
Categories: exploit, vuln
Download: http://nmap.org/svn/scripts/http-dlink-backdoor.nse

User Summary

Detects a firmware backdoor on some D-Link routers by changing the User-Agent to a "secret" value. Using the "secret" User-Agent bypasses authentication and allows admin access to the router.

The following router models are likely to be vulnerable: DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, TM-G5240

In addition, several Planex routers also appear to use the same firmware: BRL-04UR, BRL-04CW

Reference: http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Script Arguments

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -sV --script http-dlink-backdoor <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-dlink-backdoor:
|   VULNERABLE:
|   Firmware backdoor in some models of D-Link routers allow for admin password bypass
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       D-Link routers have been found with a firmware backdoor allowing for admin password bypass using a "secret" User-Agent string.
|
|     References:
|_      http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/

Requires


Author: Patrik Karlsson <patrik@cqure.net>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]