Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Maestro LuCI Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#maestro#luci
Description

What is the "Maestro LuCI Login Panel - Detect?"

The "Maestro LuCI Login Panel - Detect" module is designed to detect the presence of the Maestro LuCI login panel. LuCI is a web interface used for managing OpenWrt-based routers. This module specifically targets the login panel and checks for the presence of specific HTML elements and a successful HTTP response status code.

This module is classified as informative, meaning it provides information about the presence of the login panel but does not indicate any specific misconfiguration or vulnerability.

This module was authored by tess.

Impact

The impact of detecting the Maestro LuCI login panel is primarily informational. It indicates that the web interface for managing the OpenWrt-based router is accessible and functioning as expected.

How does the module work?

The module works by sending a GET request to the "/cgi-bin/luci" path of the target website. It then checks for specific HTML elements in the response body, including the presence of the "" tag and the text "Please enter your username and password."

In addition to the HTML matchers, the module also verifies that the HTTP response status code is 200, indicating a successful request.

Here is an example of the HTTP request sent by the module:

GET /cgi-bin/luci

The module uses the following matching conditions:

- Matcher 1: It checks for the presence of the "" tag and the text "Please enter your username and password." in the response body. - Matcher 2: It verifies that the HTTP response status code is 200.

The module considers the detection successful if both matchers are satisfied.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/cgi-bin/luci
Matching conditions
word: <title>Maestro - LuCI</title>, Please en...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability