Nmap Development mailing list archives

[NSE] Lantronix SLC addition to http-default-accounts-fingerprints


From: nnposter () users sourceforge net
Date: Fri, 22 Aug 2014 23:36:25 +0000

The following patch adds a fingerprint for Lantronix SLC(*) web UI to
http-default-accounts-fingerprints.lua. Tested on SLC48 with firmware
versions 5.5 and 6.1.

* http://www.lantronix.com/it-management/console-servers/slc.html


PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
|_http-default-accounts: [Lantronix SLC] credentials found -> sysadmin:PASS Path:/scsnetwork.htm


As a side note, I have also developed fingerprints for Dell ERA and
DRAC4 but their SSL stack does not get along with nmap. They really
work only over SSLv3, despite happily agreeing to TLSv1, and they are
too slow for the hard-coded timeouts in http.pipeline_go().


Cheers,
nnposter



Patch against revision 33595 follows:

--- nselib/data/http-default-accounts-fingerprints.lua.orig     2014-08-22 16:14:17.083451100 -0600
+++ nselib/data/http-default-accounts-fingerprints.lua  2014-08-22 16:15:58.795451100 -0600
@@ -314,3 +314,27 @@
     return try_http_basic_login(host, port, path, user, pass, true)
   end
 })
+
+---
+--Remote consoles
+---
+table.insert(fingerprints, {
+  name = "Lantronix SLC",
+  category = "console",
+  paths = {
+    {path = "/scsnetwork.htm"}
+  },
+  target_check = function (host, port, path, response)
+    return response.status == 200
+           and response.header["server"]
+           and response.header["server"]:find("^mini_httpd")
+           and response.body
+           and response.body:find("<title>Lantronix SLC",1,true)
+  end,
+  login_combos = {
+    {username = "sysadmin", password = "PASS"}
+  },
+  login_check = function (host, port, path, user, pass)
+    return try_http_post_login(host, port, path, "./", "%sname%s*=%s*(['\"]?)slcpassword%1[%s>]", {slclogin=user, 
slcpassword=pass})
+  end
+})
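Review bot: In login_check, the try_http_post_login call has been wrapped by the mailer, so its continuation line (slcpassword=pass}) carries no leading "+" and the hunk is malformed; it will not apply as posted. Please resend the patch as an attachment or with line wrapping disabled. While touching that line, add a one-line comment above the call saying what the Lua pattern "%sname%s*=%s*(['\"]?)slcpassword%1[%s>]" is matched against and whether a match means the login succeeded or failed, since the call itself does not show this. If "console" is a new value for the category field, the script's documentation of available categories should also mention it.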
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

