General Electric D20 Password Recovery
The General Electric D20ME, and possibly other units (D200?), expose their configuration over TFTP, and that configuration contains plaintext passwords. This module retrieves the list of usernames, passwords, and authentication levels.
Rank
- Normal
Authors
- K. Reid Wightman < wightman [at] digitalbond.com >
Similar Modules
- auxiliary/gather/android_htmlfileprovider
- auxiliary/gather/checkpoint_hostname
- auxiliary/gather/citrix_published_applications
- auxiliary/gather/citrix_published_bruteforce
- auxiliary/gather/corpwatch_lookup_id
- auxiliary/gather/corpwatch_lookup_name
- auxiliary/gather/enum_dns
- auxiliary/gather/natpmp_external_address
- auxiliary/gather/search_email_collector
- auxiliary/gather/shodan_search
Usage Information
$ msfconsole
msf > use auxiliary/gather/d20pass
msf auxiliary(d20pass) > run
Module Options
| Option | Description |
| --- | --- |
| REMOTE_CONFIG_NAME | The remote filename used to retrieve the configuration (default: NVRAM\D20.zlb) |
| RHOST | The target address (default: 192.168.255.1) |
| RPORT | The target port (default: 69) |
| CHOST | The local client address |
| CPORT | The local client port |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
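
A defender-side check for the exposure described above, as an added example that is not part of the Metasploit module or of the original page: it parses TFTP read requests (RFC 1350) out of captured UDP payloads and flags reads of the default configuration file `NVRAM\D20.zlb` from clients outside an allowlist. The function names, the allowlist, the sample datagrams and the filename normalization are assumptions made for illustration.

```python
import struct

# Defaults taken from the module options on this page.
D20_CONFIG = r"NVRAM\D20.zlb"  # REMOTE_CONFIG_NAME default
TFTP_PORT = 69                 # RPORT default
OP_RRQ = 1                     # RFC 1350 read-request opcode

def parse_rrq(payload):
    """Return (filename, mode) for a well-formed TFTP RRQ, else None."""
    if len(payload) < 4 or struct.unpack("!H", payload[:2])[0] != OP_RRQ:
        return None
    # Body is: filename NUL mode NUL [option NUL value NUL ...]
    parts = payload[2:].split(b"\x00")
    if len(parts) < 3 or not parts[0] or not parts[1]:
        return None  # truncated or missing a terminator
    try:
        return parts[0].decode("ascii"), parts[1].decode("ascii").lower()
    except UnicodeDecodeError:
        return None

def normalize(name):
    # Assumption: treat either path separator and any letter case as equivalent.
    return name.replace("/", "\\").lstrip("\\").lower()

def flag_config_reads(datagrams, allowed_clients=frozenset()):
    """datagrams: iterable of (src_ip, dst_ip, dst_port, udp_payload)."""
    alerts = []
    for src, dst, dport, payload in datagrams:
        if dport != TFTP_PORT or src in allowed_clients:
            continue
        rrq = parse_rrq(payload)
        if rrq and normalize(rrq[0]) == normalize(D20_CONFIG):
            alerts.append({"client": src, "device": dst, "file": rrq[0], "mode": rrq[1]})
    return alerts

# Constructed sample datagrams (not captured traffic).
SAMPLE = [
    ("10.0.5.23", "192.168.255.1", 69, b"\x00\x01NVRAM\\D20.zlb\x00octet\x00"),
    ("10.0.5.10", "192.168.255.1", 69, b"\x00\x01nvram\\d20.zlb\x00OCTET\x00"),
    ("10.0.5.23", "192.168.255.1", 69, b"\x00\x02NVRAM\\D20.zlb\x00octet\x00"),   # WRQ, not a read
    ("10.0.5.23", "192.168.255.1", 69, b"\x00\x01NVRAM\\D20.zlb"),                # truncated RRQ
    ("10.0.5.23", "192.168.255.1", 502, b"\x00\x01NVRAM\\D20.zlb\x00octet\x00"),  # not TFTP port
]

if __name__ == "__main__":
    for alert in flag_config_reads(SAMPLE, allowed_clients={"10.0.5.10"}):
        print(alert)
```

Only the initial request goes to port 69, so matching on the RRQ is enough to identify who asked for the file; the data transfer itself continues on an ephemeral server port.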
