def interact(ip, port, creds):
    """
    @summary: If creds are good we will come here and enumerate: one POST to
              /getcfg.php asks the device for a fixed list of services and
              the XML part of the reply is parsed.
    @param ip: address of the device
    @param port: TCP port of its web interface
    @param creds: dict with the keys 'user', 'pass', 'userAgent' and 'cookie'
    """
    # 'user' and 'pass' are looked up but not used further down; the lookups
    # stay so that a creds dict missing either key still fails before any
    # request is built.
    _login, _secret = creds['user'], creds['pass']
    agent, session_cookie = creds['userAgent'], creds['cookie']

    service_list = 'SERVICES=DEVICE.HOSTNAME%2CINET.LAN-1%2CDHCPS4.LAN-1%2CRUNTIME.INF.LAN-1%2CURLCTRL'
    request = resources.web_scanner_config(
        'POST', '/getcfg.php', ip, service_list, session_cookie, agent)
    raw_reply = resources.netcat(ip, port, request)
    xml_text = resources.xml_http_parser(raw_reply)

    # NOTE(review): xml_text is produced by the remote device, so it is
    # untrusted input. Assuming ET is xml.etree.ElementTree, that parser is
    # documented as not secure against maliciously constructed data
    # (entity-expansion style payloads); a hardened parser such as defusedxml
    # is the usual replacement when the peer cannot be trusted.
    document = ET.ElementTree(ET.fromstring(xml_text))

    # This prints the ElementTree object itself, not the parsed contents.
    print(document)
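def get_creds(ip, port, data):
    """
    @summary: This will try default creds on a D-Link device.
              Tested on DIR-815 Firmware 1.04 11/13/2013
    @param ip: address of the device
    @param port: TCP port of its web interface
    @param data: not used by this function
    @return: the creds dict when a login succeeded ('user' and 'pass' set) or
             when only a user name was recorded ('pass' left as None);
             False when neither happened
    """
    users = ['admin']
    passwords = ['']
    creds = {
        'user': None,
        'pass': None,
        'userAgent': resources.get_user_agent_string(),
        'cookie': resources.get_random_cookie(),
    }

    for user in users:
        for pw in passwords:
            # The pair is sent as plain form fields (ACTION=login_plaintext)
            # together with an empty CAPTCHA value.
            postContent = 'REPORT_METHOD=xml&ACTION=login_plaintext&USER=%s&PASSWD=%s&CAPTCHA=' % (user, pw)
            scan = resources.web_scanner_config(
                'POST', '/session.cgi', ip, postContent,
                creds['cookie'], creds['userAgent'])
            tmp = resources.netcat(ip, port, scan)

            # The markers contain no regex metacharacters, so a substring
            # test matches exactly what re.search matched.
            if '<RESULT>INVALIDPASSWD</RESULT>' in tmp:
                # Presumably the user name exists and only the password was
                # wrong: record the name and move on to the next password.
                creds['user'] = user
                continue
            elif '<RESULT>INVALIDUSER</RESULT>' in tmp:
                # Stop trying passwords for this name.
                break
            elif '<RESULT>SUCCESS</RESULT>' in tmp:
                # NOTE(review): the working password is written to stdout in
                # clear text, so it ends up wherever this output is captured
                # or logged.
                print('Creds:\n\tUser: %s\n\tPass: %s' % (user, pw))
                creds['user'] = user
                creds['pass'] = pw
                return creds

    if creds['user'] is not None:
        # Report the name that was actually recorded. The loop variable holds
        # whichever name was tried last, which can differ once `users` has
        # more than one entry.
        print('Creds:\n\tUser: %s\n\tPass: <Could Not Find>' % (creds['user'],))
        return creds
    return False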
def scanner_web(ip, port):
    """
    @summary: Send a GET for '/' to the target and, when anything comes back,
              pass the reply on to web.main.
    @param ip: address of the target
    @param port: TCP port to connect to
    """
    probe = resources.web_scanner_config('GET', '/', ip)
    reply = resources.netcat(ip, port, probe)
    if not reply:
        # Nothing (or a falsy value) came back, so there is nothing to pass on.
        return
    web.main(ip, port, reply)