Some time ago I wrote a post and a small script to run a brute-force attack against FortiGate appliances. (You can find the link to that post here.) This time I decided to check whether a similar bug is present in the latest WatchGuard appliance (FireboxV, version 12.12). Below you'll find the details and PoC code to test it in your own lab. Here we go...
Today we'll start here:
To set up my local lab I used the latest OVA image from the vendor's page (https://software.watchguard.com/SoftwareHome) and Kali Linux as the attacker box.
My goal was to retry the attack scenario (described for the FortiGate VMs) and use the same idea against the WatchGuard login page.
You can find the quick results in the screenshot below. To perform the attack I used a simple wordlist in a TXT file:
So, it looks like this: if you set a 'dictionary password' for the appliance, the attack scenario is also possible (similar to the FortiGate machines).
I hope you'll find it useful during your legal pentests. ;)
The full code is available here.
Thank you for all the support!
Have a nice day!

