module
Moxa Device Credential Retrieval
| Disclosed | Created |
|---|---|
| 07/28/2015 | 05/30/2018 |
Disclosed
07/28/2015
Created
05/30/2018
Description
The Moxa protocol listens on 4800/UDP and will respond to broadcast
or direct traffic. The service is known to be used on Moxa devices
in the NPort, OnCell, and MGate product lines. Many devices with
firmware versions older than 2017 or late 2016 allow admin credentials
and SNMP read and read/write community strings to be retrieved without
authentication.
This module is the work of Patrick DeSantis of Cisco Talos and K. Reid
Wightman.
Tested on: Moxa NPort 6250 firmware v1.13, MGate MB3170 firmware 2.5,
and NPort 5110 firmware 2.6.
or direct traffic. The service is known to be used on Moxa devices
in the NPort, OnCell, and MGate product lines. Many devices with
firmware versions older than 2017 or late 2016 allow admin credentials
and SNMP read and read/write community strings to be retrieved without
authentication.
This module is the work of Patrick DeSantis of Cisco Talos and K. Reid
Wightman.
Tested on: Moxa NPort 6250 firmware v1.13, MGate MB3170 firmware 2.5,
and NPort 5110 firmware 2.6.
Authors
Patrick DeSantis K. Reid Wightman
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/admin/scada/moxa_credentials_recovery
msf /(y) > show actions
...actions...
msf /(y) > set ACTION < action-name >
msf /(y) > show options
...show and set options...
msf /(y) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.