Добрый день. Нужна помощь, наткнулся на Juniper SRX650 пытаюсь войти в админку. Есть ли exploit? Пароль по умолчанию кто нибудь знает? Как определить версию JunOS? На оф. сайте Junos OS 11.4R5 Кстати Copyright © 2010 Заранее спасибо!
Мануалы на что? https://www.juniper.net/techpubs/en...ware/srx-series/srx650/srx650-quick-start.pdf Access the J-Web Interface: Specify the default username as root. Do not enter any value in the Password field. - т.е. без пароля по дефолту. Затем Configure the Basic Settings: Click Start at the bottom of the introduction page. You can configure the basic settings, such as hostname, domain name, and root password, for your services gateway. From the Configure System: Identification page, type the root password; - как не крути, при настройке устанавливается пароль.
И ещё попробуй exploit, нашёл за пару минут: Code: Details. The J-Web is a GUI based network management application used on Junos devices. The web application is vulnerable to a remote code execution vulnerability which permits privilege escalation. The file/jsdm/ajax /port.php allows execution of arbitrary user supplied PHP code via the rs POST parameter. Code executes with UID=0 (root) privileges, however you are confined to a chroot. Privilege escalation can be achieved by waiting for an administrator to log in and reading the contents of /tmp to hijack their session. Proof of Concept. Code execution: Execute a command inside the Chroot: POST /jsdm/ajax/port.php rs=exec&rsargs[]=echo “hello” Privilege escalation: Read /tmp and hijack a session POST /jsdm/ajax/port.php rs=file_get_contents&rsargs[]=/tmp
https://web.archive.org/web/2014090...er-flaw-exposes-core-routers-to-kernal-crash/ This module exploits a denial of service vulnerability in Juniper Network's JunOS router operating system. By sending a TCP packet with TCP option 101 set, an attacker can cause an affected router to reboot. http://blog.ptsecurity.com/2010/01/juniper-junos-remote-kernel-crash-flaw.html