Lab Title

Metasploit Practice - D Link User Agent Backdoor Scanner

Level:

Easy

Description:
This module attempts to find d-link devices running alpha networks web interfaces affected by the backdoor
found on the user-agent header for authentication bypassing. This module has been tested successfully on a
dir-100 device with firmware version v1.13.Find the user-agent header.

URL:

Link to Lab

Lab Steps:

Note: (Copy-Paste functions on Kali Machine are to be performed using Clipboard, Clipboard feature can
be used from the floating menu present in the Left Side of the Screen)

1. Click on the Start Lab (Target Name can be seen here).

2. Click on the Attacker Machine.

3. Once Kali Machine is started, Go to the Menu Option down below , Select Usual Applications,
Accessories and Click on Terminal Emulator.

4. Once Terminal is started , Start Metasploit Framework to find the user agent header.

Run the following Command

msfconsole

use auxiliary/scanner/http/dlink_user_agent_backdoor

set RHOSTS <TARGET_NAME>

exploit

You will see that the target is vulnerable to auth bypass from headers.

To complete the Lab paste User-Agent Header in the Submit Answer Field.