Commits · 050bb861ce87a6a39e486c0c1721673c77958faa · czos-dpend / routersploit

10 May, 2018 1 commit

tc7200_password_disclosure_v2: fix vulnerability check and wrong pycrypto call (#406) · 050bb861

* Fix vulnerability check in tc7200_password_disclosure_v2

Use an encrypted zero block to identify the binary settings backup data.

* Make tc7200_password_disclosure_v2 compatible with new pycrypto

The decryption routine uses AES in ECB mode. The pycrypto module is used for this routine. ECB does not involve any initialization vector (IV). However routersploit uses one that is 16 NUL bytes. Older pycrypto versions just ignored this, but newer versions (at least since 2.6) error on using an IV with ECB.

* tc7200_password_disclosure_v2: adapt test to the binary check

* add missing import

authored May 10, 2018

050bb861 Browse Files

09 May, 2018 4 commits
- Removing https warnings (#405) · bc35081d
  Marcin Bury authored May 09, 2018
  
  bc35081d Browse Files
- Removing issue template comments (#404) · adc0b62a
  Marcin Bury authored May 09, 2018
  
  adc0b62a Browse Files
- Adding issue template (#403) · 5f9a5871
  Marcin Bury authored May 09, 2018
  
  5f9a5871 Browse Files
- Fixed ubuntu pip requirements install command (#400) · c04f22b7
  Martino Lessio authored May 09, 2018
  
  c04f22b7 Browse Files
08 May, 2018 7 commits
- Adding new asciinema video · 0eb2cac8
  lucyoa authored May 08, 2018
  
  0eb2cac8 Browse Files
- Adding Travis status · 97942139
  lucyoa authored May 08, 2018
  
  97942139 Browse Files
- Fixing issue with pip · 19982880
  lucyoa authored May 08, 2018
  
  19982880 Browse Files
- Supporting only Python3.6 · bc6c0a28
  lucyoa authored May 08, 2018
  
  bc6c0a28 Browse Files
- Adding threat9-test-bed · fd644340
  lucyoa authored May 08, 2018
  
  fd644340 Browse Files
- Test ci (#397) · 3ea4a537
```
* Adding travis

* Fixing .travis.yml
```
  Marcin Bury authored May 08, 2018
  3ea4a537 Browse Files
- Adding travis (#396) · 567d2c93
  Marcin Bury authored May 08, 2018
  
  567d2c93 Browse Files
07 May, 2018 6 commits
- Fixing generic ssh_keys_auth module (#395) · 7383c584
  Marcin Bury authored May 07, 2018
  
  7383c584 Browse Files
- Adding exploit for CVE-2018-10561 - GPON Home Gateway RCE (#394) · b251580d
  Marcin Bury authored May 07, 2018
  
  b251580d Browse Files
- Adding exploit for CVE-2018-9995 - DVR Creds Disclosure (#393) · f9d52917
  Marcin Bury authored May 07, 2018
  
  f9d52917 Browse Files
- Adding XiongMai UCHTTPd Path Traversal exploit (#391) · 757aa6a9
  Marcin Bury authored May 07, 2018
  
  757aa6a9 Browse Files
- Adding D-Link DIR-850L Creds Disclosure exploit (#390) · b32791b0
  Marcin Bury authored May 07, 2018
  
  b32791b0 Browse Files
- Update dir_300_320_600_615_info_disclosure.py (#388) · 7aef97f9
```
DIR-300 B1 with firmware 2.02 may have '\nuser' after admin password.
```
  Maccheroni authored May 07, 2018
  7aef97f9 Browse Files
06 May, 2018 5 commits
- Removing template functionality (#389) · 822deeba
  Marcin Bury authored May 06, 2018
  
  822deeba Browse Files
- Adding device type scanners (#387) · 278c14e3
  Marcin Bury authored May 06, 2018
  
  278c14e3 Browse Files
- Delete CVMS2025_credentials_disclosure.py · 28fe0391
  Marcin Bury authored May 06, 2018
  
  28fe0391 Browse Files
- Fixing exploit name and tests (#386) · 8450286d
  Marcin Bury authored May 06, 2018
  
  8450286d Browse Files
- Bump v3.0.0 (#385) · 9380c047
```
* Bump v3.0.0

* Adding Slack invitation link
```
  Marcin Bury authored May 06, 2018
  9380c047 Browse Files
03 May, 2018 1 commit
- Fixing reverse-shell to threat9 · 8a04b08b
  lucyoa authored May 03, 2018
  
  8a04b08b Browse Files
28 Apr, 2018 1 commit
- Fixing issue with broken pip (#380) · 137f62f1
  Marcin Bury authored Apr 28, 2018
  
  137f62f1 Browse Files
27 Feb, 2018 1 commit

Validate exploit's setup before `run` and `check` commands (#367) · 5919df7e

Introduce `Exploit.validate_setup` method in order to check whether
Exploit's setup is correct. In most case scanarios we will check
if `Exploit.target` is not `None`. When exploit need custom
validation logic please overwrite `validate_setup`.

authored Feb 27, 2018

5919df7e Browse Files

24 Feb, 2018 1 commit
- Update docker information in README.md · 5fd3e7d8
  Mariusz Kupidura authored Feb 24, 2018
  
  5fd3e7d8 Browse Files
22 Feb, 2018 1 commit
- Remove gnureadline leftovers (#365) · ea4f4676
  Mariusz Kupidura authored Feb 22, 2018
  
  ea4f4676 Browse Files
05 Feb, 2018 1 commit
- Remove `gnureadline` package. (#336) · 88551596
```
LGTM
```
  Mariusz Kupidura authored Feb 05, 2018
  88551596 Browse Files
28 Jan, 2018 2 commits
- Fix Readme.me (#360) · 09af20b4
```
CentOS installation instructions were not complete
```
  Pablo Hinojosa authored Jan 28, 2018
  09af20b4 Browse Files
- Update defaults.txt (#361) · e96771d9
```
Add juniper defaults
```
  Alexey Mozzhakov authored Jan 28, 2018
  e96771d9 Browse Files
14 Jan, 2018 2 commits
- Make print_table auto warp column value (#353) · 5117d272
  dark-lbp authored Jan 14, 2018
  
  5117d272 Browse Files
- Updated README (#354) · d7c4ab60
```
Added installation instructions of openSUSE Tumbleweed to the README file.
```
  Thomas authored Jan 14, 2018
  d7c4ab60 Browse Files
14 Nov, 2017 1 commit
- ZXHN H108N V2.5, module 'ZTE ZXV10 RCE': Fixed false positive issue #305 (#346) · 52679c7c
```
* Router detected as vulnerable while its not #305

* Fixed typo error

* Check status code instead of string
```
  Alex Hilgert authored Nov 14, 2017
  52679c7c Browse Files
10 Nov, 2017 1 commit

Rom-0 exploit - check error (#342) · f8f7d65e

The HTTP HEAD method in general doesn't return the content of the body, unless it is a redirection page, so line `and len(response.text) > 500:` will never be true if second line of check `response = http_request(method="HEAD", url=url)` get a response.

As result, devices seem no vulnerable when actually it is.

Data:
```
HEAD /rom-0 HTTP/1.1
Host: 192.168.254.254
Connection: keep-alive
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.18.4


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sat, 01 Jan 2000 00:18:54 GMT
Last-Modified: Wed, 01 Jan 1930 00:18:54 GMT
Content-Length: 16384
Server: RomPager/4.07 UPnP/1.0
EXT:
```

My suggestion is just to check whether content type doesn't return "text/html" as value, so it correct this issue and keep the previous false positive fixed.

`and "html" not in response.headers['Content-Type']:`
or
`and response.headers['Content-Type'] == "application/octet-stream":

That'is it.

authored Nov 10, 2017

f8f7d65e Browse Files

25 Oct, 2017 3 commits
- Fixing pep · 46174915
  lucyoa authored Oct 25, 2017
  
  46174915 Browse Files
- DLINK Hedwig CGI BOF Exec (#335) · 723ee3e0
```
* Create multi_hedwig_cgi_exec.py

* update to proper format

* remove whitespace

* remove u
```
  Austin authored Oct 25, 2017
  723ee3e0 Browse Files
- Payloads fixes (#337) · df6e1b66
```
* Fixing payloads

* Pep fixes
```
  Marcin Bury authored Oct 25, 2017
  df6e1b66 Browse Files
24 Oct, 2017 1 commit
- Remove `future` package reference. · 86b8c55e
  fwkz authored Oct 24, 2017
  
  86b8c55e Browse Files
23 Oct, 2017 1 commit
- Adding timeouts (#334) · 42263a70
```
* Adding timeouts

* Adding exceptions

* Fixing E741
```
  Marcin Bury authored Oct 23, 2017
  42263a70 Browse Files