import random | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient): | |
__info__ = { | |
"name": "D-Link router Command Execution", | |
"description": """This module exploits a vulnerability in D-Link router httpd server. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.""", | |
"authors": ( |
open System | |
open System.IO | |
(* | |
how it works | |
- computes the Zipf's law letter distribution | |
- finds all words with 7 distinct letters | |
- from those it can then generate puzzles by placing the least likely letter in the center | |
*) |
import base64 | |
import json | |
import re | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient): | |
__info__ = { | |
"name": "QNAP Q'Center change_passwd Command Execution", |
import random | |
import re | |
import string | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient): | |
__info__ = { | |
"name": "HomeMatic Zentrale CCU2 - RCE", |
import random | |
import re | |
import string | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient): | |
__info__ = { | |
"name": "Axis Network Camera RCE", |
from routersploit.core.exploit import * | |
from routersploit.modules.creds.generic.http_basic_digest_default import Exploit as HTTPBasicDigestDefault | |
class Exploit(HTTPBasicDigestDefault): | |
__info__ = { | |
"name": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Creds - HTTP Auth", | |
"description": "Module performs dictionary attack against Microhard Systems " | |
"3G/4G Cellular Ethernet and Serial Gateway web interface. " | |
"If valid credentials are found, they are displayed to the user.", |
import random | |
import string | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient): | |
__info__ = { | |
"name": "ASUS Router Password Reset", | |
"description": "Module exploits remote flaw in ASUS devices to reset the " |
import random | |
import string | |
from routersploit.core.exploit import * | |
from routersploit.core.http.http_client import HTTPClient | |
class Exploit(HTTPClient): | |
__info__ = { | |
"name": "ASUS Router AiCloud XXE", | |
"description": "Module exploits remote XXE flaw in ASUS device AiCloud service. " |
Vagrant.configure("2") do |config| | |
config.vm.box = "ubuntu/xenial64" | |
# progressbar via https://askubuntu.com/questions/445245/how-do-i-enable-fancy-apt-colours-and-progress-bars | |
# from https://dev.gravwell.io/docs/#!quickstart/quickstart.md | |
$script = <<SCRIPT | |
mkdir -p /etc/apt/apt.conf.d | |
echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar | |
# routersploit/modules/payloads/php/bind_tcp.py | |
from base64 import b64encode | |
from routersploit.core.exploit import * | |
from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload | |
class Exploit(BindTCPPayloadMixin, GenericPayload): | |
__info__ = { | |
"name": "PHP Bind TCP", |