1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
from unittest import mock
from flask import request
#from routersploit.modules.exploits.routers.belkin.n750_twonky_rce import Exploit
def apply_response(*args, **kwargs):
return (
"""
TEST
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
mysql:x:105:109:MySQL Server,,,:/nonexistent:/bin/false
epmd:x:106:110::/var/run/epmd:/usr/sbin/nologin
Debian-exim:x:107:111::/var/spool/exim4:/usr/sbin/nologin
uuidd:x:108:113::/run/uuidd:/usr/sbin/nologin
rwhod:x:109:65534::/var/spool/rwho:/usr/sbin/nologin
redsocks:x:110:114::/var/run/redsocks:/usr/sbin/nologin
usbmux:x:111:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
miredo:x:112:65534::/var/run/miredo:/usr/sbin/nologin
Debian-snmp:x:113:115::/var/lib/snmp:/bin/false
ntp:x:114:116::/nonexistent:/usr/sbin/nologin
stunnel4:x:115:118::/var/run/stunnel4:/usr/sbin/nologin
rtkit:x:116:119:RealtimeKit,,,:/proc:/usr/sbin/nologin
postgres:x:117:120:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
dnsmasq:x:118:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
messagebus:x:119:121::/var/run/dbus:/usr/sbin/nologin
iodine:x:120:65534::/var/run/iodine:/usr/sbin/nologin
arpwatch:x:121:123:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh
sslh:x:122:127::/nonexistent:/usr/sbin/nologin
gluster:x:123:129::/var/lib/glusterd:/usr/sbin/nologin
couchdb:x:124:130:CouchDB Administrator,,,:/var/lib/couchdb:/bin/bash
avahi:x:125:133:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/usr/sbin/nologin
sshd:x:126:65534::/run/sshd:/usr/sbin/nologin
colord:x:127:134:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
saned:x:128:136::/var/lib/saned:/usr/sbin/nologin
speech-dispatcher:x:129:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
pulse:x:130:137:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin
Debian-gdm:x:131:139:Gnome Display Manager:/var/lib/gdm3:/bin/false
king-phisher:x:132:140::/var/lib/king-phisher:/usr/sbin/nologin
dradis:x:133:141::/var/lib/dradis:/usr/sbin/nologin
beef-xss:x:134:142::/var/lib/beef-xss:/usr/sbin/nologin
TEST
"""
), 200
#@mock.patch("routersploit.modules.exploits.routers.belkin.n750_twonky_rce.shell")
#def test_check_success(mocked_shell, target)
def test_check_success(target):
""" Test scenario - successful check """
route_mock = target.get_route_mock("/twonky_cmd.cgi", methods=["GET"])
route_mock.side_effect = apply_response
return
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None