Nmap Development mailing list archives
http-barracuda-dir-traversal.nse
From: Brendan Coles <bcoles () gmail com>
Date: Wed, 8 Jun 2011 14:00:53 +1000
Hi nmap-dev, Attached is http-barracuda-dir-traversal.nse which is designed to exploit the Barracuda directory traversal bug, as per the script ideas page on secwiki.org It extracts a few details about the device and its services in addition to the server password. There's tonnes of information available in the Barracuda config files, including plaintext passwords for all mail accounts. The configuration files often contain hundreds (if not thousands) of user accounts so I've left this information out for now. Feedback is welcomed and appreciated. description = [[ Attempts to retrieve the configuration settings from the MySQL database dump on a Barracuda Networks Spam & Virus Firewall device using the directory traversal vulnerability in the "locale" parameter of "/cgi-mod/view_help.cgi" or "/cgi-bin/view_help.cgi". The web administration interface runs on port 8000 by default. ]] --- Summary -- Original exploit by ShadowHatesYou <Shadow () SquatThis net> -- Barracuda Networks Spam & Virus Firewall <= 4.1.1.021 Remote Configuration Retrieval -- http://www.exploit-db.com/exploits/15130/ -- -- @usage -- nmap --script http-barracuda-dir-traversal -p <port> <host> -- -- @output -- PORT STATE SERVICE REASON -- 8000/tcp open http-alt syn-ack -- | http-barracuda-dir-traversal: -- | Device: Barracuda Spam Firewall -- | Version: 4.1.0.0 -- | Hostname: barracuda -- | Domain: example.com -- | Timezone: America/Chicago -- | Language: custom -- | Password: 123456 -- | Gateway: 192.168.1.1 -- | Primary DNS: 192.168.1.2 -- | Secondary DNS: 192.168.1.3 -- | DNS Cache: No -- | NTP Enabled: Yes -- | NTP Server: update01.barracudanetworks.com -- | SSH Enabled: Yes -- | BRTS Enabled: No -- | BRTS Server: fp.bl.barracudanetworks.com -- | HTTP Disabled: No -- | HTTP Port: 8000 -- | HTTPS Only: No -- |_HTTPS Port: 443 Regards, Brendan Coles http://itsecuritysolutions.org
Attachment:
http-barracuda-dir-traversal.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- http-barracuda-dir-traversal.nse Brendan Coles (Jun 07)
- Re: http-barracuda-dir-traversal.nse Gutek (Jun 08)
- Re: http-barracuda-dir-traversal.nse Michael Lubinski (Jun 08)
- Re: http-barracuda-dir-traversal.nse Toni Ruottu (Jun 09)
- Re: http-barracuda-dir-traversal.nse Patrik Karlsson (Jun 09)
- Re: http-barracuda-dir-traversal.nse Brendan Coles (Jun 09)
- Re: http-barracuda-dir-traversal.nse David Fifield (Jun 14)
- Re: http-barracuda-dir-traversal.nse Brendan Coles (Jun 14)
- Re: http-barracuda-dir-traversal.nse Paulino Calderon (Jun 28)
- Re: http-barracuda-dir-traversal.nse Michael Lubinski (Jun 08)
- Re: http-barracuda-dir-traversal.nse Gutek (Jun 08)
- Re: http-barracuda-dir-traversal.nse Fyodor (Jun 14)
- Re: http-barracuda-dir-traversal.nse Patrik Karlsson (Jun 19)