
Scrawl - a website screenshot tool and the security of SIP device web interfaces

It all started when some subscribers who connected to our corporate PBX via SIP without a VPN ignored security fundamentals and left the web interface of a router or IP gateway reachable on an external IP address with the standard login and password. This gives potential attackers the opportunity to obtain the settings, pose as our subscriber and make a lot of calls to long-distance destinations.

At first I simply poked the subscribers' IP addresses with curl (it turned out that some devices reboot on a simple HTTP POST request), and then I wanted to scan them and get something nicer out of it. The result was Scrawl, a website screenshot tool (project site, repository).

Riding the fashionable wave of headless browsers, I wanted to try PhantomJS, for which CasperJS provides a more convenient interface, and then I wanted to use it together with Node.js, so I started using SpookyJS.


I installed and launched it (detailed installation instructions are in the project repository) and got a web interface for uploading a list of IP addresses or domains to be crawled sequentially and screenshotted. Now you can export a list of addresses to check from your equipment or system and upload it to Scrawl. Scrawl visits the addresses one after another and, when an address responds, takes a screenshot of the response as rendered in the browser.

As a result, of three hundred and fifty scanned IP addresses, web interfaces were found at two dozen, and three of those devices turned out to have the standard login and password.



What is not implemented yet. I did not manage to get multi-threaded processing of the URL list working right away, so for now the addresses are handled one at a time. For example, 200 IP addresses took a leisurely hour and a half to check. An automatic check for the standard password depending on the device could also be implemented, but that requires writing scripts, because some devices use HTTP authentication and some use forms, the forms have either a login and a password or just a password, and the form field names are different everywhere (I saw something like that in John Resig's repository). For now, it is easier to enter the admin / admin and admin / 1234 pairs by hand on the detected web interfaces and leave it at that.

I hope this comes in handy for someone in their daily work, and that you will find a use for the Scrawl screenshot tool.
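To triage the detected interfaces by the login variants listed above (HTTP authentication, a login and password form, a password-only form), the sketch below classifies a captured response by input type rather than by field name. It is an added example, not part of Scrawl; the function names and the sample responses are constructed for illustration.

```javascript
// Added example (not Scrawl code): classify what kind of login a captured
// HTTP response exposes. All function names and samples are constructed.
// Parse attributes of one tag; handles "double", 'single' and unquoted values.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    attrs[m[1].toLowerCase()] = (m[2] ?? m[3] ?? m[4] ?? '').toLowerCase();
  }
  return attrs;
}

// Field names differ per device, so look at input *types*, never names.
function classifyInputs(html) {
  const inputs = (html.match(/<input\b[^>]*>/gi) || []).map(parseAttrs);
  if (!inputs.some((a) => a.type === 'password')) return null;
  // An <input> without a type attribute is a text field by default.
  const hasUser = inputs.some((a) => ['text', 'email'].includes(a.type || 'text'));
  return hasUser ? 'form-login-password' : 'form-password-only';
}

function classifyLoginSurface({ status, headers = {}, body = '' }) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  if (status === 401 && h['www-authenticate']) {
    // First token of the challenge is the scheme (Basic, Digest, ...).
    return 'http-auth-' + h['www-authenticate'].trim().split(/\s+/)[0].toLowerCase();
  }
  // Prefer real <form> elements; fall back to the whole page for script-driven logins.
  const forms = body.match(/<form\b[\s\S]*?<\/form>/gi) || [];
  for (const scope of forms.length ? forms : [body]) {
    const kind = classifyInputs(scope);
    if (kind) return kind;
  }
  return 'no-login-detected';
}

// Constructed sample responses, one per case named in the text.
const SAMPLES = {
  gateway: { status: 401, headers: { 'WWW-Authenticate': 'Basic realm="device"' }, body: '' },
  router: { status: 200, body: '<form action="/login"><input name="usr"><input type="password" name="pwd"></form>' },
  phone: { status: 200, body: "<form><input type='hidden' name='t' value='1'><input type=password name=pass></form>" },
  plain: { status: 200, body: '<html><body>It works</body></html>' },
};

const triage = (samples) =>
  Object.fromEntries(Object.entries(samples).map(([k, r]) => [k, classifyLoginSurface(r)]));
console.log(triage(SAMPLES));
```

Devices that fall into the `http-auth-*` or `form-*` buckets are the ones whose owners should be asked to close external access or change the default credentials.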

Source: https://habr.com/ru/post/235937/

