Adding path support for HTTPBasic modules, adding new default creds.

eda0455f · Marcin Bury · 4ca0bd85 · eda0455f · eda0455f · eda0455f
Commit eda0455f authored Apr 14, 2016 by Marcin Bury
Showing with 13 additions and 6 deletions

http_basic_bruteforce.py routersploit/modules/creds/http_basic_bruteforce.py +3 -2

http_basic_default.py routersploit/modules/creds/http_basic_default.py +3 -2

defaults.txt routersploit/wordlists/defaults.txt +7 -2

No files found.
--- a/routersploit/modules/creds/http_basic_bruteforce.py
+++ b/routersploit/modules/creds/http_basic_bruteforce.py
@@ -32,12 +32,13 @@ class Exploit(exploits.Exploit):
    threads = exploits.Option(8, 'Numbers of threads')
    usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
    passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
+    path = exploits.Option('/', 'URL Path')

    credentials = []

    def run(self):
        self.credentials = []
-        url = sanitize_url("{}:{}".format(self.target, self.port))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))

        try:
            r = requests.get(url)
@@ -75,7 +76,7 @@ class Exploit(exploits.Exploit):

    def target_function(self, running, data):
        name = threading.current_thread().name
-        url = sanitize_url("{}:{}".format(self.target, self.port))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))

        print_status(name, 'process is starting...')


--- a/routersploit/modules/creds/http_basic_default.py
+++ b/routersploit/modules/creds/http_basic_default.py
@@ -29,12 +29,13 @@ class Exploit(exploits.Exploit):
    port = exploits.Option(80, 'Target port') 
    threads = exploits.Option(8, 'Number of threads')
    defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
+    path = exploits.Option('/', 'URL Path')

    credentials = []

    def run(self):
        self.credentials = []
-        url = sanitize_url("{}:{}".format(self.target, self.port))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))

        try:
            r = requests.get(url)
@@ -66,7 +67,7 @@ class Exploit(exploits.Exploit):

    def target_function(self, running, data):
        name = threading.current_thread().name
-        url = sanitize_url("{}:{}".format(self.target, self.port))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))

        print_status(name, 'process is starting...')


--- a/routersploit/wordlists/defaults.txt
+++ b/routersploit/wordlists/defaults.txt
@@ -6,7 +6,7 @@
 ADMINISTRATOR:ADMINISTRATOR
 ADMN:admn
 ADVMAIL:HP
-ADVMAIL:HPOFFICE DATA
+ADVMAIL:HPOFFICE
 Admin:admin
 Administrator:3ware
 Administrator:admin
@@ -16,7 +16,7 @@ Administrator:letmein
 Administrator:password
 Administrator:pilou
 Administrator:smcadmin
-Administrator:the same all over
+Administrator:admin
 Any:12345
 CSG:SESAME
 Cisco:Cisco
@@ -174,6 +174,8 @@ admin:synnet
 admin:sysAdmin
 admin:system
 admin:visual
+admin:test
+admin:test1
 admin:w2402
 admin:xad$l#12
 admin:zoomadsl
@@ -222,6 +224,7 @@ deskalt:password
 deskman:changeme
 desknorm:password
 deskres:password
+dev:dev
 device:device
 dhs3mt:dhs3mt
 dhs3pms:dhs3pms
@@ -373,6 +376,8 @@ telco:telco
 telecom:telecom
 tellabs:tellabs#1
 temp1:password
+test:test
+test:test1
 tiara:tiaranet
 tiger:tiger123
 topicalt:password