Script wdb-version

Script types: portrule
Categories: default, safe, version, discovery, vuln
Download: https://svn.nmap.org/nmap/scripts/wdb-version.nse

Script Summary

Detects vulnerabilities and gathers information (such as version numbers and hardware support) from VxWorks Wind DeBug agents.

Wind DeBug is a SunRPC-type service that is enabled by default on many devices that use the popular VxWorks real-time embedded operating system. H.D. Moore of Metasploit has identified several security vulnerabilities and design flaws with the service, including weakly-hashed passwords and raw memory dumping.

See also: http://www.kb.cert.org/vuls/id/362332

Script Arguments

mount.version, nfs.version, rpc.protocol

See the documentation for the rpc library.

Example Usage

nmap -sU -p 17185 --script wdb-version <target>

Script Output

17185/udp open  wdb  Wind DeBug Agent 2.0
| wdb-version:
|   VULNERABLE: Wind River Systems VxWorks debug service enabled. See http://www.kb.cert.org/vuls/id/362332
|   Agent version: 2.0
|   VxWorks version: VxWorks5.4.2
|   Board Support Package: PCD ARM940T REV 1
|   Boot line: host:vxWorks.z

Requires

• nmap
• rpc
• shortport
• stdnse
• table

---

Author:

• Daniel Miller

License: Same as Nmap--See https://nmap.org/book/man-legal.html