Unverified Commit 2ee21d01 by Marcin Bury Committed by GitHub

Fixing undefined names (#434)

parent 5ea63d0e
......@@ -39,7 +39,6 @@ def __cprint(*args, **kwargs):
if not kwargs.pop("verbose", True):
return
color = kwargs.get("color", None)
sep = kwargs.get("sep", " ")
end = kwargs.get("end", "\n")
thread = threading.current_thread()
......@@ -48,12 +47,7 @@ def __cprint(*args, **kwargs):
except IndexError:
file_ = kwargs.get("file", sys.stdout)
if color:
printer_queue.put(PrintResource(content="\033[{}m".format(colors[color]), end="", file=file_, sep=sep, thread=thread))
printer_queue.put(PrintResource(content=args, end="", file=file_, sep=sep, thread=thread)) # TODO printing text that starts from newline
printer_queue.put(PrintResource(content="\033[0m", sep=sep, end=end, file=file_, thread=thread))
else:
printer_queue.put(PrintResource(content=args, sep=sep, end=end, file=file_, thread=thread))
printer_queue.put(PrintResource(content=args, sep=sep, end=end, file=file_, thread=thread))
def print_error(*args, **kwargs):
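Review bot: `__cprint` appears to stop reading the `color` keyword here, yet it still accepts `**kwargs`, so a caller that passes `color=` would get plain output with no error. The evidence is that the first hunk shrinks by one line and the `if color:` branch gives way to a single `printer_queue.put(...)`. If dropping colour support is intended, say so at the top of the function, e.g. `# NOTE: the "color" keyword is no longer honoured; content is queued as-is`. The function starts above the first hunk, so its docstring is not visible from here and may already need the same update.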
......
......@@ -8,7 +8,7 @@ from functools import wraps
import routersploit.modules as rsf_modules
import routersploit.resources.wordlists as wordlists
from routersploit.core.exploit.printer import print_error
from routersploit.core.exploit.printer import print_error, print_info
from routersploit.core.exploit.exceptions import RoutersploitException
MODULES_DIR = rsf_modules.__path__[0]
......
......@@ -95,7 +95,7 @@ class TelnetClient(Exploit):
return None
def telnet_close(self, telnete_client):
def telnet_close(self, telnet_client):
if telnet_client:
telnet_client.close()
......
from unittest import mock
from flask import request
#from routersploit.modules.exploits.routers.belkin.n750_twonky_rce import Exploit
def apply_response(*args, **kwargs):
return (
"""
TEST
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/usr/sbin/nologin
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/usr/sbin/nologin
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/usr/sbin/nologin
_apt:x:104:65534::/nonexistent:/usr/sbin/nologin
mysql:x:105:109:MySQL Server,,,:/nonexistent:/bin/false
epmd:x:106:110::/var/run/epmd:/usr/sbin/nologin
Debian-exim:x:107:111::/var/spool/exim4:/usr/sbin/nologin
uuidd:x:108:113::/run/uuidd:/usr/sbin/nologin
rwhod:x:109:65534::/var/spool/rwho:/usr/sbin/nologin
redsocks:x:110:114::/var/run/redsocks:/usr/sbin/nologin
usbmux:x:111:46:usbmux daemon,,,:/var/lib/usbmux:/usr/sbin/nologin
miredo:x:112:65534::/var/run/miredo:/usr/sbin/nologin
Debian-snmp:x:113:115::/var/lib/snmp:/bin/false
ntp:x:114:116::/nonexistent:/usr/sbin/nologin
stunnel4:x:115:118::/var/run/stunnel4:/usr/sbin/nologin
rtkit:x:116:119:RealtimeKit,,,:/proc:/usr/sbin/nologin
postgres:x:117:120:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
dnsmasq:x:118:65534:dnsmasq,,,:/var/lib/misc:/usr/sbin/nologin
messagebus:x:119:121::/var/run/dbus:/usr/sbin/nologin
iodine:x:120:65534::/var/run/iodine:/usr/sbin/nologin
arpwatch:x:121:123:ARP Watcher,,,:/var/lib/arpwatch:/bin/sh
sslh:x:122:127::/nonexistent:/usr/sbin/nologin
gluster:x:123:129::/var/lib/glusterd:/usr/sbin/nologin
couchdb:x:124:130:CouchDB Administrator,,,:/var/lib/couchdb:/bin/bash
avahi:x:125:133:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/usr/sbin/nologin
sshd:x:126:65534::/run/sshd:/usr/sbin/nologin
colord:x:127:134:colord colour management daemon,,,:/var/lib/colord:/usr/sbin/nologin
saned:x:128:136::/var/lib/saned:/usr/sbin/nologin
speech-dispatcher:x:129:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
pulse:x:130:137:PulseAudio daemon,,,:/var/run/pulse:/usr/sbin/nologin
Debian-gdm:x:131:139:Gnome Display Manager:/var/lib/gdm3:/bin/false
king-phisher:x:132:140::/var/lib/king-phisher:/usr/sbin/nologin
dradis:x:133:141::/var/lib/dradis:/usr/sbin/nologin
beef-xss:x:134:142::/var/lib/beef-xss:/usr/sbin/nologin
TEST
"""
), 200
#@mock.patch("routersploit.modules.exploits.routers.belkin.n750_twonky_rce.shell")
#def test_check_success(mocked_shell, target)
def test_check_success(target):
""" Test scenario - successful check """
route_mock = target.get_route_mock("/twonky_cmd.cgi", methods=["GET"])
route_mock.side_effect = apply_response
return
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
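Review bot: The bare `return` in `test_check_success`, right after `route_mock.side_effect = apply_response`, ends the test before `Exploit()` is built or anything is asserted, so the runner reports a pass for a check that never ran. The `Exploit` import is commented out in this file, so the lines below the `return` could not run anyway. If pytest is the runner (the `target` fixture suggests it), mark the test instead, e.g. `@pytest.mark.skip(reason="exploit module not importable yet")`, so it is reported as skipped rather than green. The same early `return` appears in the billion, dlink dir_8xx, dlink_auth_bypass, multi_hnap and dgn1000_dgn2200 tests further down this page. In several of those it sits above the docstring, which then becomes an unreachable string expression.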
#from routersploit.modules.exploits.routers.billion.7700nr4_password_disclosure import Exploit
from routersploit.modules.exploits.routers.billion.billion_7700nr4_password_disclosure import Exploit
def test_check_success(target):
""" Test scenario - successful check """
return
route_mock = target.get_route_mock("/backupsettings.conf", methods=["GET"])
route_mock.return_value = (
"test"
......
from flask import request
#from routersploit.modules.exploits.routers.dlink.dir_8xx_auth_bypass_info_disclosure import Exploit
def apply_response():
""" Response for exploit requests """
if "A" not in request.args.keys():
response = "<html><body><div>Authentication Fail!</div></body></html>"
else:
response = """
<html>
<script type="text/javascript" charset="utf-8" src="/js/configuration/DeviceConfig.js"></script>
<script>
function GetLangcode()
{
var langcode = "";
document.getElementById("langcode").innerHTML = (langcode=="")? "en":langcode;
}
function toHex( n )
{
var digitArray = new Array('0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f');
var result = ''
var start = true;
for (var i=32; i>0;)
{
i -= 4;
var digit = ( n >> i ) & 0xf;
if (!start || digit != 0)
{
start = false;
result += digitArray[digit];
}
}
return ( result == '' ? '0' : result );
}
function pad( str, len, pad )
{
var result = str;
for (var i=str.length; i<len; i++)
{
result = pad + result;
}
return result;
}
function EncodeHex()
{
var str = "2016 11 29 12 04";
var result = "";
for (var i=0; i<str.length; i++)
{
if (str.substring(i,i+1).match(/[^\\x00-\\xff]/g) != null)
{
result += escape(str.substring(i,i+1), 1).replace(/%/g,'\\\\');
}
else
{
result += pad(toHex(str.substring(i,i+1).charCodeAt(0)&0xff),2,'0');
}
}
document.getElementById("checksum").innerHTML = result.substring(result.length-8,result.length);
}
function GetQueryUrl()
{
var fwsrv = "wrpd.dlink.com";
var fwpath= "/router/firmware/query.aspx";
var model = "DIR-885L";
var fwver = "1.13";
var hwstr = "";
var hwver = "Ax";
if (hwstr == "")
{
hwstr = "A2";
}
function removeSymbol(input, symbol)
{
var ary = input.split(symbol);
var res = "";
for (var i=0;i<ary.length;i++)
{
res += ary[i];
}
return res;
}
var mac = removeSymbol("10:62:eb:99:e9:5c", ":");
fwver =removeSymbol(fwver,".");
if (fwver.length == 3)
fwver = "0"+fwver;
else if(fwver.length > 3)
fwver = "0" + fwver.substring(0,3);
//get fw check parameter add by sam_pan
var fwcheckparameter = "";
// Get hw revision
for(i=0; i<hwstr.length; i++)
{
char_code = hwstr.charAt(i);
if ((char_code >= 'a' && char_code <= 'z') ||
(char_code >= 'A' && char_code <= 'Z'))
{
hwver=char_code.toUpperCase()+"x";
break;
}
}
if(fwcheckparameter == "")
{
fwcheckparameter = hwver+"_Default";
}
else
{
fwcheckparameter = hwver+"_"+fwcheckparameter;
}
document.getElementById("fwq").innerHTML = "http:\\/\\/"+fwsrv+fwpath+"?model="+model+"_"+fwcheckparameter+"_FW_"+fwver+"_"+mac;
}
function Configured()
{
document.getElementById("configured").innerHTML = "0(Not default)";
}
function OnLoad()
{
GetLangcode();
EncodeHex();
GetQueryUrl();
Configured();
document.getElementById("fw_gui_ver").innerHTML = GUIVersion;
}
</script>
<body onload="OnLoad();">
<div">
<h1>Version</h1>
<div class="emptyline"></div>
<div class="info">
<span class="name">Firmware External Version :</span>
<span class="value">V1.13</span>
</div>
<div class="info" style="display:none;">
<span class="name">Firmware External Revision :</span>
<span class="value">b03</span>
</div>
<div class="info">
<span class="name">Firmware Internal Version :</span>
<span class="value" style="text-transform:uppercase;">V1.13b03</span>
</div>
<div class="info" style="display:none;">
<span class="name">Firmware GUI Version :</span>
<span class="value" style="text-transform:uppercase;" id="fw_gui_ver"></span>
</div>
<div class="info" style="display:none;">
<span class="name">Language Package :</span>
<span class="value" id="langcode"></span>
</div>
<div class="info">
<span class="name">Date :</span>
<span class="value">29, Nov, 2016</span>
</div>
<div class="info">
<span class="name">CheckSum :</span>
<span class="value" id="checksum"></span>
</div>
<div class="info">
<span class="name">2.4GHz regulation domain :</span>
<span class="value">
EU<br>&nbsp;&nbsp;1,2,3,4,5,6,7,8,9,10,11,12,13
</span>
</div>
<div class="info" >
<span class="name">5GHz country code :</span>
<span class="value">
EU/GB<br>&nbsp;&nbsp;36,40,44,48,
</span>
</div>
<div class="info" >
<span class="name">5GHz DFS Channel :</span>
<span class="value">
</span>
</div>
<div class="info" style="display:none;">
<span class="name">802.11 country code :</span>
<span class="value">
UK
</span>
</div>
<div class="info" style="display:none;">
<span class="name">Bootcode Version :</span>
<span class="value">1232</span>
</div>
<div class="info" style="display:none;">
<span class="name">Kernel :</span>
<span class="value">Linux version 2.6.36.4brcmarm+ </span>
</div>
<div class="info">
<span class="name">Firmware Query :</span>
<span class="value" id="fwq"></span>
</div>
<div class="info" style="display:none;">
<span class="name">Apps :</span>
<span class="value">Tue 29 Nov 2016</span>
</div>
<div class="info" style="display:none;">
<span class="name">WLAN Driver :</span>
<span class="value">BGN band: BCM4331 + AC band: BCM4360</span>
</div>
<div class="info" >
<span class="name">LAN MAC :</span>
<span class="value">10:62:eb:99:e9:5c</span>
</div>
<div class="info" style="display:none;">
<span class="name">WAN MAC :</span>
<span class="value">10:62:eb:99:e9:5f</span>
</div>
<div class="info">
<span class="name">2.4GHz WLAN MAC :</span>
<span class="value">10:62:eb:99:e9:5c</span>
</div>
<div class="info" >
<span class="name">5GHz WLAN MAC :</span>
<span class="value">
10:62:eb:99:e9:5e</span>
</div>
<div class="info" style="display:none;" >
<span class="name">5GHz WLAN MAC2 :</span>
<span class="value">
</span>
</div>
<div class="info">
<span class="name">SSID (2.4G) :</span>
<pre style="font-family:Tahoma"><span class="value">dlink-E95C</span></pre>
</div>
<div class="info" >
<span class="name">SSID (5G) :</span>
<pre style="font-family:Tahoma"><span class="value">dlink-E95C</span></pre>
</div>
<div class="info" style="display:none;" >
<span class="name">SSID (Secondary 5G) :</span>
<pre style="font-family:Tahoma"><span class="value">dlink</span></pre>
</div>
<div class="info">
<span class="name">Factory Default :</span>
<span class="value" id="configured"></span>
</div>
<div class="gap"></div>
<div class="info">
<span class="name"></span>
<span class="value">
<input type="button" value="Continue" onClick='self.location.href="Home.html";' />
</span>
</div>
<div class="emptyline"></div>
</div>
</body>
</html>
"""
return response, 200
def test_exploit_successful(target):
return
""" Test scenario - successful exploitation """
cgi_mock = target.get_route_mock("/version.php", methods=["GET", "POST"])
cgi_mock.side_effect = apply_response
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
#from routersploit.modules.exploits.routers.dlink.dlink_auth_bypass import Exploit
def test_check_success(target):
return
""" Test scenario - successful check """
cgi_mock = target.get_route_mock("/", methods=["GET"])
cgi_mock.return_value = (
"test"
"Home/bsc_internet.htm"
"test"
"/public/logout.htm"
"test"
)
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from flask import request
#from routersploit.modules.exploits.routers.dlink.multi_hnap_rce_exploit import Exploit
payload = None
def apply_response(*args, **kwargs):
global payload
payload = request.headers['SOAPAction']
return "TEST", 200
def response_func(*args, **kwargs):
global payload
return payload, 200
def test_check_success(target):
return
""" Test scenario - successful check """
global payload
cgi_mock1 = target.get_route_mock("/HNAP1/", methods=["POST"])
cgi_mock1.side_effect = apply_response
cgi_mock2 = target.get_route_mock("/HNAP1/<path:dummy>", methods=["GET"])
cgi_mock2.side_effect = response_func
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from flask import request
#from routersploit.modules.exploits.routers.netgear.dgn1000_dgn2200_rce import Exploit
def apply_response(*args, **kwargs):
res = request.args['cmd']
data = "TEST" + res + "TEST"
return data, 200
def test_check_success(target):
return
""" Test scenario - successful check """
route_mock = target.get_route_mock("/setup.cgi", methods=["GET"])
route_mock.side_effect = apply_response
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None